Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-6318

IdP proxy should populate the AuthenticatingAuthority element in its Responses

    XMLWordPrintable

Details

    • Rank:
      1|hzlmif:
    • Sprint 84 - Sustaining

    Description

      According to the SAML core spec, section 3.4.1.5.1:

      The <saml:AuthnStatement> in the new assertion MUST include a <saml:AuthnContext>
      element containing a <saml:AuthenticatingAuthority> element referencing the identity
      provider to which the proxying identity provider referred the presenter. If the original assertion
      contains <saml:AuthnContext> information that includes one or more
      <saml:AuthenticatingAuthority> elements, those elements SHOULD be included in the
      new assertion, with the new element placed after them.

      OpenAM currently does not populate the AuthenticatingAuthority field, which appears to violate a MUST in the spec.

      Attachments

        Activity

          People

            peter.major Peter Major [X] (Inactive)
            peter.major Peter Major [X] (Inactive)
            Nemanja Lukic Nemanja Lukic
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 0h
                0h
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 6h
                6h