IdP implementation roadmap
Nate Klingenstein
ndk at signet.id
Tue Apr 16 11:07:25 EDT 2019
Yakov,
> 1) How to make Shib IdP and metadata-less SP friends?
Unfortunately, in these cases, you usually have to write the metadata for the SP and then load it into your IdP. It shouldn't be too hard to find the fields to replace using the SAML 2.0 Wikipedia article and SAMLtest's SP metadata as an example.
> 2) How to force the IdP to return the user name inside NameID tag with NameIDFormat set to
> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
In the metadata you've created for these SPs, right before the AssertionConsumerServices, add:
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
Of course, we don't recommend that you ever use unspecified, but of course, we understand that there are parts of the world with a different opinion.
Hope this helps,
Nate.
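
Added example, not part of the original message: a minimal hand-written metadata file for an SP that publishes none, showing where the NameIDFormat element sits. The entityID and ACS Location are placeholders, and leaving out KeyDescriptor assumes the SP neither signs requests nor receives encrypted assertions.

```xml
<!-- Constructed example: replace entityID and Location with the values
     the SP actually uses (placeholders shown here). -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.org/saml">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <!-- The metadata schema fixes element order: NameIDFormat must come
         before the first AssertionConsumerService. -->
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <!-- The IdP only posts assertions to endpoints listed here, so the
         Location must match the SP's real ACS URL exactly. -->
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/saml/acs"
        index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
```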