sign/encrypt assertions attributes not being honoured
sshabbir
sshabbir at bmj.com
Thu Aug 2 11:17:27 EDT 2018
Hello,
and thanks, that all worked.
For anyone else who stumbles onto the same issue, I'll summarize my changes based on
Peter's comment above.
To achieve an IdP response making use of "unspecified", as below:
<saml2:Subject>
    <saml2:NameID
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
        NameQualifier="https://..../idp/shibboleth"
        SPNameQualifier="https://..../samlLogin">
        id2001251
    </saml2:NameID>
......
Update your attribute resolver as below:
<AttributeDefinition xsi:type="Simple" id="userName"
    sourceAttributeID="userName">
    <Dependency ref="scriptedAttributeConnector" />
    <AttributeEncoder xsi:type="SAML2String"
        name="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
        encodeType="false" />
</AttributeDefinition>
relying-party.xml:
<bean parent="RelyingPartyByName"
    c:relyingPartyIds="#{{'https://f1e6084c-34d7-4434-a8f1-23c13e29dea8.tenants.brightspace.com/samlLogin'}}">
    <property name="profileConfigurations">
        <list>
            <bean parent="SAML2.SSO" p:encryptAssertions="false"
                p:signAssertions="true" p:encryptNameIDs="false"
                p:nameIDFormatPrecedence="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
            />
        </list>
    </property>
</bean>
saml-nameid.xml:
<bean parent="shibboleth.SAML2AttributeSourcedGenerator"
    p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    p:attributeSourceIds="#{ {'userName'} }" />
-----
Syed
--
Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
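As an added check that is not part of this post or of Shibboleth itself, the following Python script parses an IdP response offline and verifies it matches the settings above: a signed, unencrypted assertion whose NameID uses the "unspecified" format and carries the SP's entityID as SPNameQualifier. The sample response, hostnames, IDs and signature body are constructed placeholders.

```python
# Added example (not from the original post): an offline check that a SAML 2.0
# Response matches the IdP settings above, i.e. a signed, unencrypted assertion
# whose NameID uses the "unspecified" format with the expected SPNameQualifier.
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

def check_response(xml_text, sp_entity_id, expected_format=UNSPECIFIED):
    """Return a list of problems; an empty list means the response matches."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.find("saml2:EncryptedAssertion", NS) is not None:
        problems.append("assertion is encrypted (encryptAssertions=false expected)")
    assertion = root.find("saml2:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext saml2:Assertion in response"]
    # signAssertions="true" puts a ds:Signature directly under the Assertion
    if assertion.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed (signAssertions=true expected)")
    if assertion.find("saml2:Subject/saml2:EncryptedID", NS) is not None:
        problems.append("NameID is encrypted (encryptNameIDs=false expected)")
    name_id = assertion.find("saml2:Subject/saml2:NameID", NS)
    if name_id is None:
        return problems + ["no plaintext saml2:NameID in Subject"]
    fmt = name_id.get("Format")
    if fmt != expected_format:
        problems.append(f"NameID Format is {fmt!r}, expected {expected_format!r}")
    if name_id.get("SPNameQualifier") != sp_entity_id:
        problems.append("SPNameQualifier does not match the SP entityID")
    return problems

# Constructed sample response: hostnames, IDs and the signature are placeholders.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">
  <saml2:Assertion ID="_a1" Version="2.0">
    <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
    <saml2:Subject>
      <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
          NameQualifier="https://idp.example.org/idp/shibboleth"
          SPNameQualifier="https://sp.example.org/samlLogin">id2001251</saml2:NameID>
    </saml2:Subject>
  </saml2:Assertion>
</samlp:Response>"""
```

Running `check_response(SAMPLE_RESPONSE, "https://sp.example.org/samlLogin")` returns an empty list; feed it a real response captured from the IdP's SAML tracer output and the SP's actual entityID to confirm the configuration took effect.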