Enforcing SAML2/transmission of persistentId for WAYF service?
stefan.kombrink at uni-ulm.de
Thu Nov 21 03:48:40 EST 2019
Okay, to answer my own question, I had to change the SSO into:
Now it uses SAML2 and I get a persistentId.
On 21.11.2019 at 08:24, Stefan Kombrink wrote:
> Dear community,
> I've got a SP setup, where I require the persistentId, and I want to
> attach a discovery service.
> As long as I define a single IdP as entityId I retrieve the
> persistentId during a session:
> <SSO entityID="https://idp-test.rz.uni-ulm.de/idp/shibboleth">SAML2
> *SSO Protocol:* urn:oasis:names:tc:SAML:2.0:protocol
> *Authentication Context Class:* urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
> When I switch over to WAYF:
> <SSO discoveryProtocol="WAYF" ECP="true"
> I do not get the persistentId any longer. Furthermore, I can see the
> Session is using
> *SSO Protocol:* urn:oasis:names:tc:SAML:1.1:protocol
> *Authentication Context Class:* urn:oasis:names:tc:SAML:1.0:am:password
> To me it seems as if the WAYF forces it to use SAML1, and that's why I
> do not obtain the entityID. Is that so?
> Is there a discovery service I could use instead which will be SAML2
> compatible and give me the persistentID?
> thanks & best regards
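
A check for the situation described in this thread, as an added example that is not part of the original post or of the Shibboleth project's code: it scans a Shibboleth SP configuration for `<SSO>` elements that use the `WAYF` discovery protocol (which the thread reports ending in a SAML 1.1 session without persistentId) or that do not restrict the session to SAML2. The sample configurations, the `example.org` URLs and the rule names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: discovery via the legacy WAYF protocol, SAML1 still allowed.
WAYF_CONFIG = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions>
      <SSO discoveryProtocol="WAYF" discoveryURL="https://wayf.example.org/WAYF"
           ECP="true">SAML2 SAML1</SSO>
    </Sessions>
  </ApplicationDefaults>
</SPConfig>"""

# Constructed sample: single IdP pinned by entityID (value from the thread), SAML2 only.
PINNED_CONFIG = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions>
      <SSO entityID="https://idp-test.rz.uni-ulm.de/idp/shibboleth">SAML2</SSO>
    </Sessions>
  </ApplicationDefaults>
</SPConfig>"""


def local_name(tag):
    """Strip the XML namespace so the check works across SP config versions."""
    return tag.rsplit("}", 1)[-1]


def audit_sso(config_xml):
    """Return (rule, target) findings for every <SSO> element in the config."""
    findings = []
    for el in ET.fromstring(config_xml).iter():
        if local_name(el.tag) != "SSO":
            continue
        protocols = (el.text or "").split()  # element content lists enabled protocols
        target = el.get("entityID") or el.get("discoveryURL") or "(no target set)"
        if el.get("discoveryProtocol") == "WAYF":
            findings.append(("legacy-wayf", target))    # the case reported in the thread
        if "SAML2" not in protocols:
            findings.append(("saml2-missing", target))  # no SAML2 session possible
        if "SAML1" in protocols:
            findings.append(("saml1-enabled", target))  # SAML 1.1 session still possible
    return findings


if __name__ == "__main__":
    for name, cfg in (("wayf", WAYF_CONFIG), ("pinned", PINNED_CONFIG)):
        print(name, audit_sso(cfg))
```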