IDP rely configuration - Adobe suggests a modification of default behaviour - any hints?
peter.schober at univie.ac.at
Fri Oct 4 07:58:47 EDT 2019
* Cantor, Scott <cantor.2 at osu.edu> [2019-02-12 04:46]:
> > We just went through this here. AFAIK, they require an email address for both
> > the NameID format and the released attribute - and that attribute must be
> > named "Email"
> They do not require an email NameID as long as an appropriate value
> is placed in the user's entry in Adobe's system in the FederatedID
> field, and they support standard attribute naming for
Thanks for the above information. Seems this has only now reached our
federation members, at last, judging from recent support requests.
I'll be advising to use the pairwise-id or subject-id URNs as the
Does anyone know whether the Okta SP (as used for Adobe Inc.) supports
While the generated metadata I've seen does contain a certificate that
comes with the use="signing" restriction (which when paired with
SPSSODescriptor/@AuthnRequestsSigned="false" and no SLO support makes
no sense as there's nothing left for the SP to sign).
Not knowing what (else) might be wrong I was hoping for the
use="signing" to be wrong, too.
More information about the users