Attributes Encrypted in V3 versus V2
Lille M
lillemacdoe at gmail.com
Mon Dec 10 21:50:30 EST 2018
We have switched from IDP v2 to IDP v3 -- still learning the ropes.
For a cloud service, via saml-tracer, the attributes are encrypted in v3
(whereas in v2, they were unencrypted). The cloud metadata was imported as is
(no changes) -- the only change is the entry below in relying-party.xml, where
I've been trying to send the attribute values unencrypted. Have I missed
anything else? Another cloud service is working fine with unencrypted
attributes sent; my assumption is that there is something I have to do in the
vendor's metadata or in the relying-party.xml.
<bean parent="RelyingPartyByName"
      c:relyingPartyIds="#{{'https://cloud'}}">
    <property name="profileConfigurations">
        <list>
            <bean parent="SAML2.SSO"
                  p:authenticationFlows="MFA"
                  p:postAuthenticationFlows="#{{'expiring-password'}}"
                  p:encryptAssertions="false"
                  p:includeAttributeStatement="true"
                  p:signAssertions="false"
                  p:encryptNameIDs="false"
                  p:nameIDFormatPrecedence="#{{'urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified'}}"
            />
            <ref bean="SAML2.Logout" />
        </list>
    </property>
</bean>
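
Added example, not part of the original post and not Shibboleth project code: a small check that reports which parts of a captured SAML 2.0 Response are XML-encrypted, so a trace can be tied to a setting (EncryptedAssertion to p:encryptAssertions, EncryptedID to p:encryptNameIDs, EncryptedAttribute to per-attribute encryption). It assumes the base64 SAMLResponse form value from the HTTP-POST binding as input; the function names and the three sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
XENC = "http://www.w3.org/2001/04/xmlenc#"
NAMES = ("Assertion", "EncryptedAssertion", "NameID", "EncryptedID",
         "Attribute", "EncryptedAttribute")

def classify_response(b64_response):
    """Return (encrypted_parts, element_counts) for a base64 SAMLResponse."""
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a SAML 2.0 Response")
    found = {n: len(root.findall(f".//{{{SAML}}}{n}")) for n in NAMES}
    parts = []
    if found["EncryptedAssertion"]:
        parts.append("assertion")   # whole assertion is ciphertext
    if found["EncryptedID"]:
        parts.append("nameid")      # only the subject identifier
    if found["EncryptedAttribute"]:
        parts.append("attribute")   # individual attributes
    return parts, found

def _wrap(body):
    # Constructed sample: minimal Response envelope, unsigned, not schema-complete.
    xml = (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
           f'xmlns:xenc="{XENC}" ID="_constructed">{body}</samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

SUBJECT = "<saml:Subject><saml:NameID>user1</saml:NameID></saml:Subject>"
PLAIN = _wrap(
    f'<saml:Assertion ID="_a1">{SUBJECT}<saml:AttributeStatement>'
    '<saml:Attribute Name="mail"><saml:AttributeValue>user1@example.org'
    '</saml:AttributeValue></saml:Attribute>'
    '</saml:AttributeStatement></saml:Assertion>')
WHOLE = _wrap(
    '<saml:EncryptedAssertion><xenc:EncryptedData><xenc:CipherData>'
    '<xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>'
    '</xenc:EncryptedData></saml:EncryptedAssertion>')
ATTR_ONLY = _wrap(
    f'<saml:Assertion ID="_a2">{SUBJECT}<saml:AttributeStatement>'
    '<saml:EncryptedAttribute><xenc:EncryptedData/></saml:EncryptedAttribute>'
    '</saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("whole", WHOLE), ("attr", ATTR_ONLY)):
        print(label, classify_response(sample))
```

When the whole assertion is encrypted, the NameID and attributes are inside the ciphertext, so their counts are zero and the trace alone cannot show how they were configured.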