Details
- Type: Improvement
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 5.0.0, 5.5.0, 5.5.1, 6.0.0, 6.1.0, 6.5.0
- Fix Version/s: 6.5.3, 7.0.0-micsvc-1.0.0, 7.0.0
- Component/s: SAML
- Labels:
- Environment: Working with an IDP that does not support transient NameID format
- Support Ticket IDs:
- Sprint: OpenIG Sprint 144
- Story Points: 3
Description
Currently, when doing an SP-initiated authentication, urn:oasis:names:tc:SAML:2.0:nameid-format:transient is the only NameID format supported.

There is a workaround for this when using IDP-initiated login, mentioned in OPENIG-409.

If no NameID format is passed down as part of the SPSSOFederate.initiateAuthnRequest call, then the list of supported NameID formats comes from the SP and IDP metadata. A parameter could be introduced to allow this to be overridden if required.

OPENAM-3470 provides a lot more flexibility around how persistent NameIDs are handled as an SP. IG can be configured to make use of these options, since they are present in the version of the AM federation libraries used by IG.
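As an added illustration (not OpenIG or AM code), the following models the negotiation described above: the NameID format for an SP-initiated AuthnRequest is taken from the SP and IDP metadata unless an override parameter (hypothetical here) forces a specific format, and the chosen format is placed in the request's NameIDPolicy. The metadata lists and endpoint URLs are constructed sample values.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from typing import Optional, Sequence

TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)


def select_nameid_format(sp_formats: Sequence[str], idp_formats: Sequence[str],
                         override: Optional[str] = None) -> str:
    """Pick the NameID format for the AuthnRequest's NameIDPolicy.
    `override` stands in for the hypothetical parameter the issue proposes and is
    honoured only if the IDP metadata advertises it; otherwise the first
    SP-preferred format that the IDP also lists is used (metadata negotiation)."""
    if override is not None:
        if override not in idp_formats:
            raise ValueError(f"IDP does not advertise NameID format {override}")
        return override
    for fmt in sp_formats:
        if fmt in idp_formats:
            return fmt
    raise ValueError("SP and IDP metadata share no NameID format")


def build_authn_request(issuer: str, destination: str, nameid_format: str,
                        allow_create: bool = True) -> str:
    """Return a minimal, unsigned SAML 2.0 AuthnRequest carrying a NameIDPolicy."""
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer
    ET.SubElement(req, f"{{{SAMLP}}}NameIDPolicy", {
        "Format": nameid_format,
        "AllowCreate": "true" if allow_create else "false",
    })
    return ET.tostring(req, encoding="unicode")


def requested_format(authn_request_xml: str) -> str:
    """Read NameIDPolicy/@Format back out of an AuthnRequest, e.g. for logging."""
    policy = ET.fromstring(authn_request_xml).find(f"{{{SAMLP}}}NameIDPolicy")
    return policy.get("Format", "") if policy is not None else ""
```

With an IDP whose metadata lists only the persistent format (the situation in the Environment field), the negotiation selects persistent even though the SP prefers transient.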
Attachments
Issue Links
- depends on
  - OPENAM-3470 The SAML2 nameid should not be persisted if the nameid-format is not persistent (Resolved)
- is documented by
  - OPENIG-3535 Doc: SamlFederationHandler should support other NameID formats options other than just transient (OPENIG-3525) (Resolved)
  - OPENIG-4682 Doc: SamlFederationHandler should support other NameID formats options other than just transient (OPENIG-3525) (Resolved)
- is related to
  - OPENIG-409 Fedlet should support nameid-format:persistent (Resolved)