Service wants persistent nameID, but metadata asks for transient (and others) #4

lhoekenga · 2017-05-16T20:36:35Z

DefaultSAMLUserDetailsService.java appears to be looking for either "urn:mace:dir:attribute-def:eduPersonTargetedID" or "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", but the generated metadata includes non-preferred formats:

    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</md:NameIDFormat>

Can be fixed on the IDP side by removing the signature and adjusting the NameIDFormats by hand, but consider removing the unwanted / unneeded NameIDFormat elements from the generated metadata.

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Service wants persistent nameID, but metadata asks for transient (and others) #4

Service wants persistent nameID, but metadata asks for transient (and others) #4

lhoekenga commented May 16, 2017

Service wants persistent nameID, but metadata asks for transient (and others) #4

Service wants persistent nameID, but metadata asks for transient (and others) #4

Comments

lhoekenga commented May 16, 2017