  1. Identity Gateway
  2. OPENIG-3525

SamlFederationHandler should support NameID format options other than just transient

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.0.0, 5.5.0, 5.5.1, 6.0.0, 6.1.0, 6.5.0
    • Fix Version/s: 6.5.3, 7.0.0-micsvc-1.0.0, 7.0.0
    • Component/s: SAML
    • Environment:
      Working with an IDP that does not support transient NameID format
    • Sprint:
      OpenIG Sprint 144
    • Story Points:
      3

      Description

      Currently, when doing an SP initiated authentication, urn:oasis:names:tc:SAML:2.0:nameid-format:transient is the only NameID format supported.

      There is a workaround for this when using IDP initiated login, mentioned in OPENIG-409.

      If no NameID is passed down as part of the SPSSOFederate.initiateAuthnRequest call, then the list of supported NameID formats comes from the SP and IDP metadata.

      A parameter could be introduced to allow for this to be overridden if required.

      OPENAM-3470 provides a lot more flexibility around how persistent NameIDs are handled as an SP. IG can be configured to make use of these options, as they are in the version of the AM federation libraries used by IG.
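
A metadata check for the situation described above, as an added example that is not part of the issue or of IG's code: it lists the NameIDFormat values each side's metadata advertises and shows that a transient request has no match on an IDP that does not offer it. The entity IDs, sample metadata and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample metadata (hypothetical entity IDs), trimmed to the
# elements that matter for NameID format selection.
SP_METADATA = f"""<EntityDescriptor xmlns="{MD}" entityID="https://sp.example.test">
  <SPSSODescriptor protocolSupportEnumeration="{PROTO}">
    <NameIDFormat>{TRANSIENT}</NameIDFormat>
    <NameIDFormat>{PERSISTENT}</NameIDFormat>
  </SPSSODescriptor>
</EntityDescriptor>"""

IDP_METADATA = f"""<EntityDescriptor xmlns="{MD}" entityID="https://idp.example.test">
  <IDPSSODescriptor protocolSupportEnumeration="{PROTO}">
    <NameIDFormat>{PERSISTENT}</NameIDFormat>
    <NameIDFormat>{EMAIL}</NameIDFormat>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def nameid_formats(metadata_xml, role):
    """Return the NameIDFormat values, in document order, under a role descriptor."""
    root = ET.fromstring(metadata_xml)
    path = f".//{{{MD}}}{role}/{{{MD}}}NameIDFormat"
    return [el.text.strip() for el in root.findall(path) if el.text]


def usable_formats(sp_xml, idp_xml):
    """Formats advertised by both sides, kept in the SP's order."""
    idp = set(nameid_formats(idp_xml, "IDPSSODescriptor"))
    return [f for f in nameid_formats(sp_xml, "SPSSODescriptor") if f in idp]


def check_requested(requested, sp_xml, idp_xml):
    """True when the requested NameID format is advertised by both SP and IDP."""
    return requested in usable_formats(sp_xml, idp_xml)


if __name__ == "__main__":
    print("SP :", nameid_formats(SP_METADATA, "SPSSODescriptor"))
    print("IDP:", nameid_formats(IDP_METADATA, "IDPSSODescriptor"))
    print("Common:", usable_formats(SP_METADATA, IDP_METADATA))
    for fmt in (TRANSIENT, PERSISTENT):
        ok = check_requested(fmt, SP_METADATA, IDP_METADATA)
        print(f"{fmt}: {'ok' if ok else 'not offered by both sides'}")
```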


              People

              • Assignee:
                markdr Mark de Reeper
                Reporter:
                markdr Mark de Reeper