Shibboleth IdP 2 - Java / SIDP-377

SPNameQualifier missing in NameID when persistentID is used in combination with AffiliationDescriptor


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.2.0
    • Fix Version/s: 2.2.0
    • Component/s: None
    • Labels:
      None
    • Java Version:
      Sun 1.5
    • Servlet Container:
      Jetty 7

      Description

      The IdP sends the following SAML subject:
        
        <saml2:Subject>
          <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
            g4489WICx4m/zeiOD0nCwxGPYeU=
          </saml2:NameID>
          <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <saml2:SubjectConfirmationData Address="130.59.6.143" InResponseTo="_ccb44b0734183e5d2190bc73cedddc24" NotOnOrAfter="2010-02-25T13:20:06.596Z" Recipient="https://kelimutu.switch.ch/Shibboleth.sso/SAML2/POST" />
          </saml2:SubjectConfirmation>
        </saml2:Subject>

      The SP then provides as persistentID value in the web server environment "!!g4489WICx4m/zeiOD0nCwxGPYeU=", presumably because the SPNameQualifier is missing.

              People

              Assignee:
              chad.joie@at.internet2.edu Chad La Joie
              Reporter:
              haemmerle Lukas Hämmerle (Inactive)
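The check below is an added example, not part of the original issue or of the Shibboleth code base. It parses a Subject like the one reported, flags a persistent NameID that lacks its qualifiers, and shows how the "!!" prefix arises, assuming the SP joins NameQualifier, SPNameQualifier and the value with "!" (inferred from the value reported above); the function name and the example.org entity IDs are hypothetical.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# NameID as reported in this issue; the namespace declaration is added
# so the fragment parses on its own.
REPORTED = """<saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
    g4489WICx4m/zeiOD0nCwxGPYeU=
  </saml2:NameID>
</saml2:Subject>"""

# Constructed sample: same value with both qualifiers present.
# The entity IDs are placeholders, not values from the issue.
QUALIFIED = """<saml2:Subject xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
      NameQualifier="https://idp.example.org/idp/shibboleth"
      SPNameQualifier="https://sp.example.org/shibboleth">
    g4489WICx4m/zeiOD0nCwxGPYeU=
  </saml2:NameID>
</saml2:Subject>"""


def check_persistent_nameid(subject_xml):
    """Return (formatted_id, missing_attrs) for a persistent NameID.

    formatted_id is NameQualifier!SPNameQualifier!value (assumed SP format);
    missing_attrs lists qualifier attributes that are absent or empty.
    Returns (None, []) when the NameID is not in the persistent format.
    """
    root = ET.fromstring(subject_xml)
    name_id = root.find("saml2:NameID", SAML_NS)
    if name_id is None:
        raise ValueError("Subject contains no NameID")
    if name_id.get("Format") != PERSISTENT:
        return None, []
    qualifiers = [(attr, name_id.get(attr, ""))
                  for attr in ("NameQualifier", "SPNameQualifier")]
    value = (name_id.text or "").strip()
    missing = [attr for attr, val in qualifiers if not val]
    formatted = "!".join([val for _, val in qualifiers] + [value])
    return formatted, missing


if __name__ == "__main__":
    for label, xml in (("reported", REPORTED), ("qualified", QUALIFIED)):
        formatted, missing = check_persistent_nameid(xml)
        print(label, formatted, "missing:", missing or "none")
```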