NameID without a Format - How to Map Attribute?
Gernot Hassenpflug
gernot.hassenpflug at asahinet.com
Tue Mar 13 04:21:15 EDT 2018
Martin Haase <Martin.Haase at DAASI.de> writes:
> Hi folks,
>
> this IdP sends a <NameID> without a "Format" attribute. SAML specs say
> that "if no Format value is provided, then the value
> urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified ... is in effect".
> Thus I would expect to be able to write this in attribute-map.xml on the
> SP side:
>
> <Attribute
> name="urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified" id="some_id">
> <AttributeDecoder xsi:type="NameIDAttributeDecoder"
> formatter="$Name" />
> </Attribute>
>
> ...but it does not seem to return the NameID as an attribute. Leaving
> aside interoperability, how must the SP be configured to accommodate a
> SAML message from this particular IdP?
Hi Martin,
On our SP setup, as an example, we use:
<Attribute name="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" id="unspecified-id">
<AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$Name" defaultQualifiers="true"/>
</Attribute>
(defaultQualifiers is not something we looked at here, just left in as
part of our defaults)
In setting up our SP, I noted that I had referenced this example (obviously after reading
the actual Shibboleth Wiki pages first):
https://stackoverflow.com/questions/44464929/shibboleth-service-provider-how-to-populate-remote-user-variable
Best regards,
Gernot Hassenpflug
--
Asahi Net, Inc.
Tokyo, Japan
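
The lookup discussed in this thread, as an added example that is not part of either message and is not Shibboleth's own code: it resolves the effective Format of a NameID that carries none and checks which attribute-map.xml rule would match. It assumes the SP falls back to the SAML:1.1 "unspecified" URN (the name used in the reply's mapping) and matches rules by exact name; the sample Subject, the NameID value and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
AMAP = "urn:mace:shibboleth:2.0:attribute-map"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
# Assumption: fallback applied when <NameID> has no Format (URN from the reply's mapping).
DEFAULT_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample: a Subject whose NameID carries no Format attribute.
SUBJECT = f'<saml:Subject xmlns:saml="{SAML}"><saml:NameID>jdoe-4711</saml:NameID></saml:Subject>'

# Constructed attribute-map.xml holding both mappings quoted in the thread.
ATTRIBUTE_MAP = f"""<Attributes xmlns="{AMAP}" xmlns:xsi="{XSI}">
  <Attribute name="urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified" id="some_id">
    <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$Name"/>
  </Attribute>
  <Attribute name="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" id="unspecified-id">
    <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$Name" defaultQualifiers="true"/>
  </Attribute>
</Attributes>"""


def effective_nameid(subject_xml):
    """Return (format, value), applying the default when Format is absent or empty."""
    nameid = ET.fromstring(subject_xml).find(f"{{{SAML}}}NameID")
    if nameid is None:
        raise ValueError("Subject has no NameID")
    return nameid.get("Format") or DEFAULT_FORMAT, (nameid.text or "").strip()


def nameid_rules(map_xml):
    """Map each Attribute name decoded by a NameIDAttributeDecoder to its id."""
    rules = {}
    for attr in ET.fromstring(map_xml).findall(f"{{{AMAP}}}Attribute"):
        dec = attr.find(f"{{{AMAP}}}AttributeDecoder")
        if dec is not None and dec.get(f"{{{XSI}}}type", "").endswith("NameIDAttributeDecoder"):
            rules[attr.get("name")] = attr.get("id")
    return rules


def extract(subject_xml, map_xml):
    """Return {id: value} for the rule whose name equals the effective Format, else {}."""
    fmt, value = effective_nameid(subject_xml)
    attr_id = nameid_rules(map_xml).get(fmt)
    return {attr_id: value} if attr_id else {}


if __name__ == "__main__":
    print(effective_nameid(SUBJECT))
    print(extract(SUBJECT, ATTRIBUTE_MAP))
```

Under that assumption, only the rule named with the SAML:1.1 URN yields an attribute for a Format-less NameID; a map holding only the SAML:1.0 name yields nothing.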