Disable NameIDGenerator for specificy relyingParty
Peter Schober
peter.schober at univie.ac.at
Fri May 22 15:21:21 UTC 2020
* Ignacio Amoeiro Bosch <ignacio.amoeiro at extern.ibsalut.es> [2020-05-22 08:48]:
> c:candidate="urn:federation:MicrosoftOnline"
And M$ really requires persistent NameIDs from you, specifically?
> As a workaround, I have filtered the sourceAttribute used by the
> SAMLPersitentGenerator in attribute-filter.xml
Interesting. I thought persistent NameID (and only those) worked on
/unreleased/ attributes? Because it wouldn't make (privacy) sense to
/also/ release the source attribute to the SP verbatim.
So IMO there's no way to prevent persistent NameIDs to be sent to an
SP using the attribute filter. Maybe I'm missing something?
-peter
More information about the users
mailing list