Enforcing SAML2/transmission of persistentId for WAYF service?

Stefan Kombrink stefan.kombrink at uni-ulm.de
Thu Nov 21 02:24:23 EST 2019

Dear community,

  I've got a SP setup, where I require the persistentId, and I want to 
attach a discovery service.

As long as I define a single IdP as entityId I retrieve the persistentId 
during a session:

<SSO entityID="https://idp-test.rz.uni-ulm.de/idp/shibboleth">SAML2 

*SSO Protocol:*  urn:oasis:names:tc:SAML:2.0:protocol
*Authentication Context Class:*  urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

When I switch over to WAYF:

<SSO discoveryProtocol="WAYF" ECP="true" 

I do not get the persistentId any longer. Furthermore, I can see the 
Session is using

*SSO Protocol:*  urn:oasis:names:tc:SAML:1.1:protocol
*Authentication Context Class:*  urn:oasis:names:tc:SAML:1.0:am:password

To me it seems as if the WAYF forces it to use SAML1, and that's why I 
do not obtain the entityID. Is that so?

Is there a discovery service I could use instead which will be SAML2 
compatible and give me the persistentID?

thanks & best regards


Kontaktdaten: https://portal.uni-ulm.de/ETB/ab/showPerson.html?pid=46110

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20191121/43c98e3b/attachment.html>

More information about the users mailing list