getting desired value into nameID

IAM David Bantz dabantz at alaska.edu
Fri Oct 7 00:26:28 UTC 2022 

Thank; I do have a relying party override for this and similar entities
specifying nameid-format:emailAddress precedence.

In any case every nameid generator in saml-nameid is triggered by SP
entityID, and no entityID appears more than once.

David

On 06Oct2022 at 16:10:43, Les LaCroix via users <users at shibboleth.net>
wrote:

> This sounds a bit like I was seeing the other week.  My problem was a
> nameIDFormatPrecedence defined in my DefaultRelyingParty bean.  Any format
> that's in metadata is filtered out if it's not in that list.  The only
> solution that was suggested in that thread is that a relying party override
> was needed.
>
> -Les
>
> <http://www.carleton.edu/>
>
> *Les LaCroix '79*
>
> Strategic Technologist
>
> Information Technology Services
>
> t: (507) 222-5455
>
>
> On Thu, Oct 6, 2022 at 7:02 PM IAM David Bantz via users <
> users at shibboleth.net> wrote:
>
>> Yes I’ve run these 3 variations:
>>
>>    - all 4 policies
>>    - no policies
>>    - only the emalAddress policy
>>
>>
>>
>> On 06Oct2022 at 15:58:52, "Mak, Steven" <makst at upenn.edu> wrote:
>>
>>> For an easy test, remove the other NameIDPolicies in the SP metadata so
>>> only emailAddress is remaining.
>>>
>>>
>>>
>>> Then just make sure the logic of your resolver config allows the release
>>> of some attribute that can fulfill that policy to that service.
>>>
>>>
>>>
>>> - Steve
>>>
>>>
>>>
>>> *From: *IAM David Bantz <dabantz at alaska.edu>
>>> *Date: *Thursday, October 6, 2022 at 7:55 PM
>>> *To: *Mak, Steven <makst at upenn.edu>
>>> *Cc: *Shib Users <users at shibboleth.net>
>>> *Subject: *Re: getting desired value into nameID
>>>
>>> I’m debugging the config against the resolver exerciser and unsolicited
>>> request, so no normal incoming SAML request.
>>>
>>>
>>>
>>> David
>>>
>>>
>>>
>>> On 06Oct2022 at 15:42:58, "Mak, Steven" <makst at upenn.edu> wrote:
>>>
>>> Double check the SAML request that is coming in. If it is stating
>>> something like NameIDPolicy > unspecified + Exact, then that may be why you
>>> are having trouble.
>>>
>>>
>>>
>>> - Steve Mak
>>>
>>>
>>>
>>> --
>> For Consortium Member technical support, see
>> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>>
> --
> For Consortium Member technical support, see
> https://shibboleth.atlassian.net/wiki/x/ZYEpPw
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20221006/4434faea/attachment.htm>

More information about the users mailing list