Using "unspecified" NameID format with OpenIG SP.

This topic has 1 reply, 2 voices, and was last updated 7 years, 1 month ago by Ludo.

  • Author
  • #4353


    We would like to use OpenIG to protect OpenIDM. We want to use SAML between OpenIG SP and our SAML IDP. In the prototype we are using OpenAM itself as the SAML IDP. We have followed the steps in OpenIG documentation to setup things. However, we want to use “unspecified” NameID format instead of the default “transient” NameID format used by default.

    Is there a way to do this? We tried updating the $HOME/.openig/SAML/sp.xml to switch to “unspecified” NameID format, but we we are getting an error “SSO Failed: Service provider does not support name identifier format urn:oasis:names:tc:SAML:2.0:nameid-format:transient.”. This error is displayed when we are auto redirected to “/saml/SPInitiatedSSO” url. Does OpenIG only support “transient” NameID format? Is there a way to change this?



    Hi Paresh,

    Sorry for a delayed answer.
    The SAML support is really embedded in the OpenAM Fedlet that we pull and wrap in OpenIG.
    Specific customizations of the Fedlet like the one you are trying to do, are probably possible but it might be faster and easier to ask on the OpenAM forum.



Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?