getting desired value into nameID

Lipscomb, Gary glipscomb at csu.edu.au
Fri Oct 7 00:06:19 UTC 2022


Check the sequence of nameID creation in saml-nameid.xml
First match wins.

Gary Lipscomb
Technical Officer, Systems
IT Infrastructure & Security | Division of Information Technology

From: users <users-bounces at shibboleth.net> On Behalf Of IAM David Bantz via users
Sent: Friday, 7 October 2022 11:02
To: Mak, Steven <makst at upenn.edu>
Cc: IAM David Bantz <dabantz at alaska.edu>; Shib Users <users at shibboleth.net>
Subject: Re: getting desired value into nameID

Yes I’ve run these 3 variations:

  *   all 4 policies
  *   no policies
  *   only the emailAddress policy

On 06Oct2022 at 15:58:52, "Mak, Steven" <makst at upenn.edu> wrote:
For an easy test, remove the other NameIDPolicies in the SP metadata so only emailAddress is remaining.

Then just make sure the logic of your resolver config allows the release of some attribute that can fulfill that policy to that service.

- Steve

From: IAM David Bantz <dabantz at alaska.edu>
Date: Thursday, October 6, 2022 at 7:55 PM
To: Mak, Steven <makst at upenn.edu>
Cc: Shib Users <users at shibboleth.net>
Subject: Re: getting desired value into nameID
I’m debugging the config against the resolver exerciser and unsolicited request, so no normal incoming SAML request.

David

On 06Oct2022 at 15:42:58, "Mak, Steven" <makst at upenn.edu> wrote:
Double check the SAML request that is coming in. If it is stating something like NameIDPolicy > unspecified + Exact, then that may be why you are having trouble.

- Steve Mak
