Enforcing SAML2/transmission of persistentId for WAYF service?
stefan.kombrink at uni-ulm.de
Thu Nov 21 02:24:23 EST 2019
I've got an SP setup, where I require the persistentId, and I want to
attach a discovery service.
As long as I define a single IdP as entityId I retrieve the persistentId
during a session:
*SSO Protocol:* urn:oasis:names:tc:SAML:2.0:protocol
*Authentication Context Class:* urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
When I switch over to WAYF:
<SSO discoveryProtocol="WAYF" ECP="true"
I do not get the persistentId any longer. Furthermore, I can see the
Session is using
*SSO Protocol:* urn:oasis:names:tc:SAML:1.1:protocol
*Authentication Context Class:* urn:oasis:names:tc:SAML:1.0:am:password
To me it seems as if the WAYF forces it to use SAML1, and that's why I
do not obtain the entityID. Is that so?
Is there a discovery service I could use instead which will be SAML2
compatible and give me the persistentID?
thanks & best regards