Resolving attributes from a SAML proxy
Cantor, Scott
cantor.2 at osu.edu
Fri Oct 8 16:49:50 UTC 2021
On 10/8/21, 12:14 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> I suspected an attribute format issue, but I can't figure out what it's supposed to be because Microsoft is
> very bare bones in the attribute statement:
saml2.nameFormat = urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
The IdP works the same as the SP's attribute map. We believe that Attribute NameFormat should always be "....uri" so that's the default, and anything else has to be spelled out. We made *our* default behavior simpler to specify, not how other people do things (incorrectly in my view).
-- Scott
More information about the users
mailing list