Details
-
Bug
-
Resolution: Done
-
Minor
Sprint - Versions (10/17/2019), Sprint - Versions (10/31/2019)
Description
Example:
Importing this descriptor:
```
<?xml version="1.0" encoding="UTF-8"?>
<!-- SAML 2.0 metadata for one service provider: the descriptor as imported, before any edit in the UI. -->
<!-- NOTE(review): this entityID differs from the one in the generated descriptor shown later in this report.
     The entityID is what identifies the SP, so confirm which value is intended. -->
<md:EntityDescriptor entityID="https://www.concursolutions2.net"
xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<!-- Signing expectations declared by the SP: it does not sign its AuthnRequests (AuthnRequestsSigned="false")
     and it asks for signed assertions (WantAssertionsSigned="true"). -->
<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:Extensions>
<!-- Display metadata only (name and logo URL); the Description is commented out and so is not part of the parsed document. -->
<mdui:UIInfo>
<mdui:DisplayName xml:lang="en">Concur Solutions</mdui:DisplayName>
<!-- <mdui:Description xml:lang="en">Logon using your 8-digit SMU ID and password.</mdui:Description> -->
<mdui:Logo height="146" width="148">https://www.concur.com/sites/all/themes/Concur6/images/Concur_logo.png</mdui:Logo>
</mdui:UIInfo>
</md:Extensions>
<!-- The NameIDFormat value is the OID of eduPersonPrincipalName, the same attribute that is released in the UI step that follows. -->
<md:NameIDFormat>urn:oid:1.3.6.1.4.1.5923.1.1.1.6</md:NameIDFormat>
<!-- Single assertion consumer endpoint: HTTP-POST binding, index 1, HTTPS location. -->
<md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.concursolutions.com/SAMLRedirector/ClientSAMLLogin.aspx"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>
```
Then editing it in the UI (releasing `eduPersonPrincipalName` and setting the `don't sign assertions` flag) and saving
results in this generated descriptor:
```
<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://www.concursolutions.com">
<!-- Descriptor as written back after the UI edit. The comments in this listing are review annotations, not tool output. -->
<!-- NOTE(review): this entityID is not the one in the imported descriptor earlier in this report; confirm which is intended. -->
<md:Extensions>
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
<!-- The two attributes below are the unexpected ones this report is about.
     Both are empty elements with no saml2:AttributeValue child. -->
<saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="nameIDFormatPrecedence" Name="http://shibboleth.net/ns/profiles/nameIDFormatPrecedence" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="defaultAuthenticationMethods" Name="http://shibboleth.net/ns/profiles/defaultAuthenticationMethods" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
<!-- Expected result of the UI edit: eduPersonPrincipalName listed under releaseAllValues. -->
<saml2:Attribute xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://shibboleth.net/ns/attributes/releaseAllValues">
<saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">eduPersonPrincipalName</saml2:AttributeValue>
</saml2:Attribute>
</mdattr:EntityAttributes>
</md:Extensions>
<!-- NOTE(review): AuthnRequestsSigned and WantAssertionsSigned from the imported descriptor are absent here.
     SAML metadata treats both as false when omitted. Presumably dropping WantAssertionsSigned reflects the
     "don't sign assertions" flag; confirm that this is intended and not a second serialization loss. -->
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:Extensions>
<mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
<mdui:DisplayName xml:lang="en">Concur Solutions</mdui:DisplayName>
<!-- xml:lang="en" on the Logo was not in the imported descriptor; it was added on output. -->
<mdui:Logo height="146" width="148" xml:lang="en">https://www.concur.com/sites/all/themes/Concur6/images/Concur_logo.png</mdui:Logo>
</mdui:UIInfo>
</md:Extensions>
<md:NameIDFormat>urn:oid:1.3.6.1.4.1.5923.1.1.1.6</md:NameIDFormat>
<!-- NOTE(review): the index attribute (index="1" on import) is missing here. The SAML metadata schema declares
     index as required on indexed endpoints, so validate this output against the schema. -->
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.concursolutions.com/SAMLRedirector/ClientSAMLLogin.aspx"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>
```
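Note the two extra attributes, `nameIDFormatPrecedence` and `defaultAuthenticationMethods`, which should not be there. Both are written as empty `saml2:Attribute` elements with no `AttributeValue`, and neither was part of the edit described above. Because they use the `http://shibboleth.net/ns/profiles/` names, a consumer that reads these entity attributes as per-SP overrides could treat the empty entries as a setting rather than as absent.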