Problem sending email address as NameID in subject

Peter Schober peter.schober at univie.ac.at
Tue Jan 20 05:28:43 EST 2015


* Andrew Cheung <acheung at brookfieldres.com> [2015-01-19 22:30]:
> Hi. I have problems sending the email address as NameID in the
> subject. (I use Novell eDirectory as the datastore and access it
> using LDAP).

Does that involve setting the NameID format to email address?
Because you're setting it to "unspecified" (which Scott has pointed
out many times on this list doesn't make a whole lot of sense, as
clearly you're sending a specific type of data, as arranged with the
SP).

> <afp:AttributeFilterPolicy id="releaseGoogleMySiteAEmail">
>   <afp:PolicyRequirementRule xsi:type="basic:NOT">
>      <basic:Rule xsi:type="basic:AttributeRequesterString" value=" https://google.com/a/dev.mysiteA.ca"/>
>   </afp:PolicyRequirementRule>
>   <afp:AttributeRule attributeID="GoogleMySiteAEmail">
>     <afp:PermitValueRule xsi:type="basic:ANY" />
>   </afp:AttributeRule>
> </afp:AttributeFilterPolicy>

So the aim is to send an attribute with the internal id of
"GoogleMySiteAEmail" to /any/ SP your IDP knows, /except/ to the one
that calls itself "https://google.com/a/dev.mysiteA.ca"?
If anyone other than you will ever need to understand that config
snippet I guess a comment with an explanation for that poor sod would
be in order.

But we still don't know what exactly the problem is: To what SAML SP
do you want to send that piece of data, and what is the result
according to your logs (and application behaviour)?
-peter
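
The release behaviour of the quoted policy, as an added example that is not part of the original message and is not Shibboleth's own code: a simplified Python model that evaluates the policy for a given requester and flags policies whose requirement rule is negated. Assumptions: the wrapping group element and its Shibboleth IdP 2.x namespace URIs, trimming of whitespace around the `value` attribute, and the constructed entityID `https://sp.example.org/shibboleth`.

```python
import xml.etree.ElementTree as ET

AFP = "urn:mace:shibboleth:2.0:afp"
BASIC = "urn:mace:shibboleth:2.0:afp:mf:basic"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: the policy quoted in the message, wrapped in a group
# element that declares the namespaces (the wrapper is an assumption).
POLICY_XML = """<afp:AttributeFilterPolicyGroup id="sample"
    xmlns:afp="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <afp:AttributeFilterPolicy id="releaseGoogleMySiteAEmail">
    <afp:PolicyRequirementRule xsi:type="basic:NOT">
      <basic:Rule xsi:type="basic:AttributeRequesterString" value=" https://google.com/a/dev.mysiteA.ca"/>
    </afp:PolicyRequirementRule>
    <afp:AttributeRule attributeID="GoogleMySiteAEmail">
      <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
  </afp:AttributeFilterPolicy>
</afp:AttributeFilterPolicyGroup>"""

def local_type(elem):
    # "basic:NOT" -> "NOT"; the prefix is dropped in this simplified model.
    return elem.get(XSI_TYPE, "").split(":")[-1]

def rule_matches(rule, requester):
    kind = local_type(rule)
    if kind == "AttributeRequesterString":
        # Assumption of this model: surrounding whitespace is trimmed.
        return rule.get("value", "").strip() == requester
    if kind == "NOT":
        return not rule_matches(rule.find(f"{{{BASIC}}}Rule"), requester)
    raise ValueError(f"rule type not modelled: {kind!r}")

def released_attributes(xml_text, requester):
    # Attribute IDs whose policy applies to this requester. Value rules are
    # not evaluated; the sample only uses basic:ANY (permit every value).
    released = set()
    for policy in ET.fromstring(xml_text).iter(f"{{{AFP}}}AttributeFilterPolicy"):
        if rule_matches(policy.find(f"{{{AFP}}}PolicyRequirementRule"), requester):
            released.update(r.get("attributeID") for r in policy.iter(f"{{{AFP}}}AttributeRule"))
    return released

def negated_policies(xml_text):
    # Review aid: ids of policies that apply to everyone except a named SP.
    return [p.get("id") for p in ET.fromstring(xml_text).iter(f"{{{AFP}}}AttributeFilterPolicy")
            if local_type(p.find(f"{{{AFP}}}PolicyRequirementRule")) == "NOT"]
```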

