Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-6318

IdP proxy should populate the AuthenticatingAuthority element in its Responses

    Details

    • Sprint:
      Sprint 84 - Sustaining
    • Support Ticket IDs:

      Description

      According to the SAML core spec, section 3.4.1.5.1:

      The <saml:AuthnStatement> in the new assertion MUST include a <saml:AuthnContext>
      element containing a <saml:AuthenticatingAuthority> element referencing the identity
      provider to which the proxying identity provider referred the presenter. If the original assertion
      contains <saml:AuthnContext> information that includes one or more
      <saml:AuthenticatingAuthority> elements, those elements SHOULD be included in the
      new assertion, with the new element placed after them.

      OpenAM currently does not populate the AuthenticatingAuthority field, which appears to violate a MUST in the spec.

        Attachments

          Activity

            People

            • Assignee:
              peter.major Peter Major [X] (Inactive)
              Reporter:
              peter.major Peter Major [X] (Inactive)
              QA Assignee:
              Nemanja Lukic
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 0h
                0h
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 6h
                6h