Tagged: 

This topic has 3 replies, 3 voices, and was last updated 6 years, 1 month ago by RaofM.

  • Author
    Posts
  • #14023
     epleisman
    Participant

    All,

    I have defined an IdP for testing my SP and SAML2.
    I am (for now) testing the assertion of 2 attributes: uid and mail.
    When I execute
    http://sso.pslntest.com:8080/openam/saml2/jsp/spSSOInit.jsp?metaAlias=/sp&idpEntityID=http://idp.psc.com:8080/openam
    and examine the assertions, I am only getting ONE attribute ever. If I change the attributes asserted around, I still only ever get the first attribute listed.

    What am I doing wrong (I am sure questions to follow in terms of my config).

    Thank you all.

    #14037
     RaofM
    Participant

    Hi Epleisman,

    What NameID Format are you using unspecified or transient ?

    if unspecified:
    urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified=uid
    urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress=mail

    if transient:
    urn:oasis:names:tc:SAML:2.0:nameid-format:transient=uid
    urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress=mail

    and what mappings you have on the SP side.

    -RaofM

    #14046
     Peter Major
    Moderator

    NameID Value mapping with transient NameID Format is non spec compliant configuration. Please don’t suggest that.

    #14051
     RaofM
    Participant

    Hi Epleisman,

    Ignore my earlier comments as Peter said, Thanks Peter for correcting.

    -RaofM

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?