Making urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified a supportable identifier format
Alain O'Dea
alain.odea at gmail.com
Thu Jun 11 21:09:07 EDT 2015
I get the following error unless I hack the format to
urn:oasis:names:tc:SAML:2.0:nameid-format:transient in saml-java on my SP:
[org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:337] - Profile Action AddNameIDToSubjects: Request specified use of an unsupportable identifier format: urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
If I hack the format I get NameID values I can't use. I need the email
address on the SP. I don't want to do anything that will compromise my
SP's support for other IdPs.
I have the following in conf/attribute-resolver-ldap.xml:
<resolver:AttributeDefinition id="mailAsNameId" xsi:type="ad:Simple" sourceAttributeID="mail">
    <resolver:Dependency ref="myLDAP" />
    <resolver:AttributeEncoder xsi:type="SAML2StringNameID"
        nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
</resolver:AttributeDefinition>
I have the following in metadata/saml-java.xml (my SP metadata):
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified</NameIDFormat>
I have the following in conf/attribute-filter.xml:
<!-- Release uid to saml-java -->
<afp:AttributeFilterPolicy>
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
        value="http://localhost:8080/consume.jsp" />
    <afp:AttributeRule attributeID="mailAsNameId">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>
I am missing something. How do I
make urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified a supportable
identifier format?
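The two URIs quoted in the post differ in more than the trailing word: the SP metadata requests the SAML 2.0 "unspecified" format, while the AttributeEncoder advertises the SAML 1.1 one. The script below is an added example, not part of the post or of Shibboleth; it parses an SP's metadata and an IdP attribute-resolver file (both constructed here from the fragments above, wrapped in minimal root elements) and lists every NameID format the SP requests that no encoder in the resolver provides.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the SP metadata fragment from the post, wrapped in an
# EntityDescriptor so it parses as a complete document.
SP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://localhost:8080/consume.jsp">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified</NameIDFormat>
  </SPSSODescriptor>
</EntityDescriptor>"""

# Constructed sample: the attribute-resolver fragment from the post, wrapped in
# an AttributeResolver root with the prefixes it uses declared.
ATTRIBUTE_RESOLVER = """<resolver:AttributeResolver
    xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <resolver:AttributeDefinition id="mailAsNameId" xsi:type="ad:Simple" sourceAttributeID="mail">
    <resolver:Dependency ref="myLDAP" />
    <resolver:AttributeEncoder xsi:type="SAML2StringNameID"
        nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
  </resolver:AttributeDefinition>
</resolver:AttributeResolver>"""


def local_name(tag):
    """Strip the {namespace} prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def requested_nameid_formats(sp_metadata_xml):
    """Every NameIDFormat URI the SP declares in its metadata."""
    root = ET.fromstring(sp_metadata_xml)
    return {el.text.strip() for el in root.iter()
            if local_name(el.tag) == "NameIDFormat" and el.text}


def encoder_nameid_formats(resolver_xml):
    """Map each nameFormat advertised by an AttributeEncoder to the
    ids of the AttributeDefinitions that carry it."""
    root = ET.fromstring(resolver_xml)
    provided = {}
    for defn in root.iter():
        if local_name(defn.tag) != "AttributeDefinition":
            continue
        for enc in defn.iter():
            fmt = enc.get("nameFormat")
            if local_name(enc.tag) == "AttributeEncoder" and fmt:
                provided.setdefault(fmt, []).append(defn.get("id"))
    return provided


def unsupported_formats(sp_metadata_xml, resolver_xml):
    """Formats the SP asks for that no encoder provides, sorted for stable output."""
    provided = encoder_nameid_formats(resolver_xml)
    return sorted(f for f in requested_nameid_formats(sp_metadata_xml) if f not in provided)


if __name__ == "__main__":
    for fmt in unsupported_formats(SP_METADATA, ATTRIBUTE_RESOLVER):
        print("requested by SP but not provided by any encoder:", fmt)
```

Run against a real deployment by replacing the two constructed strings with the contents of the SP's metadata file and the IdP's attribute-resolver file.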