IdP implementation roadmap
Andrew Morgan
morgan at orst.edu
Sun Apr 21 10:55:42 EDT 2019
Search for "unspecified" on this wiki page:
https://wiki.shibboleth.net/confluence/display/IDP30/SAML2SSOConfiguration
Andy
On Sun, 21 Apr 2019, Yakov Revyakin wrote:
> SP declares support of 'unspecified' for username in documentation.
> SP doesn't provide any 'NameIDPolicy' in authnrequest.
> Even if IdP has all necessary settings for 'unspecified' the IdP doesn't
> return 'unspecified' because of lack of 'NameIDPolicy' in request.
> If my hand made SP metadata includes NameIDFormat as 'emailAddress' the SP
> doesn't look for username inside response because it waits for
> 'unspecified'.
>
> How to return NameID forcibly/directly as 'unspecified' (without any
> dependencies on authnrequest or metadata).
> Thanks
>
> On Fri, 19 Apr 2019 at 18:57, Cantor, Scott <cantor.2 at osu.edu> wrote:
>
>>> You mean that if there are few options and one of them is 'unspecified'
>> then
>>> any other aren't considered as options, don't you?
>>
>> Yes, that's what it's doing. I didn’t remember it was doing that, but the
>> V3 behavior is the same as the V2 behavior and that's why it was coded that
>> way. The problem with changing it is that it literally can change the
>> behavior of running systems after an upgrade. All to change how it handles
>> something that should never appear anywhere in any XML under any
>> circumstances. That's a poor justification for a change.
>>
>> -- Scott
>>
>> --
>> For Consortium Member technical support, see
>> https://wiki.shibboleth.net/confluence/x/coFAAg
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>
More information about the users
mailing list