Enforcing SAML2/transmission of persistentId for WAYF service?
Stefan Kombrink
stefan.kombrink at uni-ulm.de
Thu Nov 21 02:24:23 EST 2019
Dear community,
I've got an SP setup, where I require the persistentId, and I want to
attach a discovery service.
As long as I define a single IdP as entityId I retrieve the persistentId
during a session:
<SSO entityID="https://idp-test.rz.uni-ulm.de/idp/shibboleth">SAML2 SAML1</SSO>
*SSO Protocol:* urn:oasis:names:tc:SAML:2.0:protocol
*Authentication Context Class:* urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
When I switch over to WAYF:
<SSO discoveryProtocol="WAYF" ECP="true"
     discoveryURL="https://wayf.aai.dfn.de/DFN-AAI-Test/wayf/www/WAYF.php">SAML2 SAML1</SSO>
I do not get the persistentId any longer. Furthermore, I can see the
Session is using
*SSO Protocol:* urn:oasis:names:tc:SAML:1.1:protocol
*Authentication Context Class:* urn:oasis:names:tc:SAML:1.0:am:password
To me it seems as if the WAYF forces it to use SAML1, and that's why I
do not obtain the entityID. Is that so?
Is there a discovery service I could use instead which will be SAML2
compatible and give me the persistentID?
thanks & best regards
Stefan
--
Contact details: https://portal.uni-ulm.de/ETB/ab/showPerson.html?pid=46110