IdP implementation roadmap
Yakov Revyakin
yrevyakin at gmail.com
Sun Apr 21 10:08:34 EDT 2019
SP declares support of 'unspecified' for username in documentation.
SP doesn't provide any 'NameIDPolicy' in authnrequest.
Even if IdP has all necessary settings for 'unspecified' the IdP doesn't
return 'unspecified' because of lack of 'NameIDPolicy' in request.
If my hand made SP metadata includes NameIDFormat as 'emailAddress' the SP
doesn't look for username inside response because it waits for
'unspecified'.
How to return NameID forcibly/directly as 'unspecified' (without any
dependencies on authnrequest or metadata).
Thanks
On Fri, 19 Apr 2019 at 18:57, Cantor, Scott <cantor.2 at osu.edu> wrote:
> > You mean that if there are few options and one of them is 'unspecified'
> then
> > any other aren't considered as options, don't you?
>
> Yes, that's what it's doing. I didn’t remember it was doing that, but the
> V3 behavior is the same as the V2 behavior and that's why it was coded that
> way. The problem with changing it is that it literally can change the
> behavior of running systems after an upgrade. All to change how it handles
> something that should never appear anywhere in any XML under any
> circumstances. That's a poor justification for a change.
>
> -- Scott
>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190421/8fcb847f/attachment.html>
More information about the users
mailing list