[SOLVED] Re: NameID wihtout a Format - How to Map Attribute?

Martin Haase Martin.Haase at DAASI.de
Tue Mar 13 08:37:22 EDT 2018 

Hi,

the customer confirmed that the 1.1 version does work.

Thanks Gernot and all,

Martin


On 13.03.2018 09:40, Martin Haase wrote:
>
> Hi Gernot,
>
> seems like I fell into the SAML errata trap. I'l have a try and test
> urn:oasis:names:tc:SAML:*1.1*:nameid-format:unspecified.
>
> Cheers
> Martin
>
>
> On 13.03.2018 09:21, Gernot Hassenpflug wrote:
>> Martin Haase <Martin.Haase at DAASI.de> writes:
>>
>>> Hi folks,
>>>
>>> this IdP sends a <NameID> without a "Format" attribute. SAML specs say
>>> that "if no Format value is provided, then the value
>>> urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified ... is in effect".
>>> Thus I would expect to be able to write this in attribute-map.xml on the
>>> SP side:
>>>
>>>     <Attribute
>>> name="urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified" id="some_id">
>>>         <AttributeDecoder xsi:type="NameIDAttributeDecoder"
>>> formatter="$Name" />
>>>     </Attribute>
>>>
>>> ...but it does not seem to return the NameID as an attribute. Leaving
>>> aside interoperability, how must the SP be configured to accomodate a
>>> SAML message from this particular IdP?
>> Hi Martin,
>> On our SP setup, as an example, we use:
>> <Attribute name="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" id="unspecified-id">
>>      <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$Name" defaultQualifiers="true"/>
>> </Attribute>
>> (defaultQualifiers is not something we looked at here, just left in as
>> part of our defaults)
>>
>> In settin up our SP, I noted that I had referenced this example (obviously after reading
>> the actual Shibboleth Wiki pages first):
>> https://stackoverflow.com/questions/44464929/shibboleth-service-provider-how-to-populate-remote-user-variable
>>
>> Best regards,
>> Gernot Hassenpflug
>
> -- 
> Dr. Martin Haase, Solutions Engineer
>
> DAASI International GmbH        
> Europaplatz 3                   
> D-72072 Tübingen                
> Germany                    
>
> phone: +49 7071 407109-0
> fax:   +49 7071 407109-9  
> email: martin.haase at daasi.de
> web:   www.daasi.de
>
> Sitz der Gesellschaft: Tübingen
> Registergericht: Amtsgericht Stuttgart, HRB 382175
> Geschäftsleitung: Peter Gietz
>
>

-- 
Dr. Martin Haase, Solutions Engineer

DAASI International GmbH        
Europaplatz 3                   
D-72072 Tübingen                
Germany                    

phone: +49 7071 407109-0
fax:   +49 7071 407109-9  
email: martin.haase at daasi.de
web:   www.daasi.de

Sitz der Gesellschaft: Tübingen
Registergericht: Amtsgericht Stuttgart, HRB 382175
Geschäftsleitung: Peter Gietz

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180313/2ce47cf6/attachment.html>

More information about the users mailing list