
  • NameIDFormat not included in SAML messages

    Our IdP complains about missing NameIDFormat from us even though they are present in the metadata. It seems that they are not included in the SAML messages:
    Code:
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    Our metadata with the NameIDFormat entries is generated by using the following settings in MetadataGeneratorFilter:
    Code:
    <property name="nameID">
      <list>
        <value>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</value>
        <value>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</value>
      </list>
    </property>
    Any comments and/or explanations?

  • #2
    You can include NameID in your AuthnRequest using WebSSOProfileOptions. Create a new bean of this class, set the nameID as you wish and set the result to the SAMLEntryPoint's property defaultOptions. This should keep your IDP satisfied.

    Vladimir Schäfer
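
The configuration described in reply #2, as an added example that is not part of the original thread or the project's own sample configuration. The bean id `samlEntryPoint` is an assumption, as is the choice of the transient format. The metadata `NameIDFormat` entries only advertise what the SP supports, while an AuthnRequest carries a single requested format in its `NameIDPolicy` element, so one value has to be chosen here.

```xml
<!-- Added example: bean id and the chosen format are assumptions. -->
<bean id="samlEntryPoint" class="org.springframework.security.saml.SAMLEntryPoint">
  <property name="defaultOptions">
    <bean class="org.springframework.security.saml.websso.WebSSOProfileOptions">
      <!-- Sent as the Format attribute of <samlp:NameIDPolicy> in each AuthnRequest.
           Must be one of the formats already advertised in the SP metadata. -->
      <property name="nameID"
                value="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
      <!-- Optional: sets AllowCreate on NameIDPolicy, permitting the IdP to
           create a new identifier for the user. -->
      <property name="allowCreate" value="true"/>
    </bean>
  </property>
</bean>
```

To confirm the change, capture an outgoing AuthnRequest and check that it now contains a `NameIDPolicy` element whose `Format` matches a `NameIDFormat` value in the metadata.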
