IdP implementation roadmap
Yakov Revyakin
yrevyakin at gmail.com
Fri Apr 19 11:50:23 EDT 2019
Thanks Scott,
I am sure that it is really bored to explain again and again how it works.
But could you answer one extra question?
You mean that if there are few options and one of them is 'unspecified'
then any other aren't considered as options, don't you?
I thought that IdP ignores 'unspecified' but if something like
emailAddress is presented then IdP must use it trying to represent NameID.
On Fri, 19 Apr 2019 at 16:08, Cantor, Scott <cantor.2 at osu.edu> wrote:
> > If I remove explicitly
> >
> > <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-
> > format:unspecified</md:NameIDFormat>
> >
> > from metadata it works properly and I can see NameID filled with mail.
> >
> > What have I broken?
>
> Yes, it does do that. If an SP is asking for "unspecified" it is explicity
> saying it doesn't care what it gets, so the metadata is ignored.
> "unspecified" is the absence of a requirement, not a requirement. Just as
> it is the equivalent of not specifying a Format in a NameID, it is the
> equivalent of not specifying a Format in metadata.
>
> -- Scott
>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190419/ee193872/attachment.html>
More information about the users
mailing list