
Mismatch of NameIDFormat between SAML metadata and SAML Logout request

Open toshihiro-shiino opened this issue 7 years ago • 0 comments

The NameIDFormat within the SAML metadata is fixed to transient, as below: https://github.com/servicecatalog/development/blob/5550af14cff0afda7b86ce999930a24c4056c1aa/oscm-saml2-api/javasrc/org/oscm/saml2/api/SpMetadataGenerator.java#L28

However, the NameIDFormat within the SAML Logout request message is fixed to UPN, as below: https://github.com/servicecatalog/development/blob/5550af14cff0afda7b86ce999930a24c4056c1aa/oscm-saml2-api/javasrc/org/oscm/saml2/api/LogoutRequestGenerator.java#L38

In the case where ADFS is selected as the IDP, validation that the NameIDFormat matches at Login and Logout is carried out, so setting ADFS to return the Login response as transient, aligning with the SAML metadata, leads to an error at Logout.

toshihiro-shiino avatar Apr 03 '17 02:04 toshihiro-shiino
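The mismatch the issue describes can be caught before deployment by comparing the NameID Format the SP advertises in its metadata, the Format the IdP actually issues in the login Response, and the Format the SP puts into its LogoutRequest. The script below is an added example, not OSCM code: the SP metadata, login Response and LogoutRequest are constructed sample documents with placeholder entity IDs and message IDs, and `align_logout_request` shows the usual remedy, echoing the NameID exactly as the IdP issued it (value and Format) instead of hard-coding a Format.

```python
"""Cross-check the NameID Format across SP metadata, the IdP's login
Response and the SP's LogoutRequest (added example; sample XML below is
constructed, with placeholder identifiers)."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)  # keep readable prefixes on re-serialisation

TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
UPN = "http://schemas.xmlsoap.org/claims/UPN"  # the UPN claim URI used by ADFS
# SAML 2.0 core: a NameID without a Format attribute means "unspecified"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed SP metadata: advertises transient, like the generator in the issue.
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="{NS['samlp']}">
    <md:NameIDFormat>{TRANSIENT}</md:NameIDFormat>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed login Response: the IdP honoured the metadata and issued a transient NameID.
LOGIN_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_placeholder-response-id" Version="2.0" IssueInstant="2017-04-03T02:04:00Z">
  <saml:Issuer>https://idp.example.test/adfs/services/trust</saml:Issuer>
  <saml:Assertion ID="_placeholder-assertion-id" Version="2.0" IssueInstant="2017-04-03T02:04:00Z">
    <saml:Issuer>https://idp.example.test/adfs/services/trust</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="{TRANSIENT}">_placeholder-transient-nameid</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed LogoutRequest: Format hard-coded to UPN, mirroring the defect in the issue.
LOGOUT_REQUEST = f"""<samlp:LogoutRequest xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_placeholder-logout-id" Version="2.0" IssueInstant="2017-04-03T02:05:00Z"
    Destination="https://idp.example.test/adfs/ls/">
  <saml:Issuer>https://sp.example.test/saml</saml:Issuer>
  <saml:NameID Format="{UPN}">user@example.test</saml:NameID>
</samlp:LogoutRequest>"""


def metadata_nameid_formats(metadata_xml: str) -> list[str]:
    """All NameIDFormat values the SP advertises in its metadata."""
    root = ET.fromstring(metadata_xml)
    return [e.text.strip() for e in root.findall(".//md:NameIDFormat", NS) if e.text]


def nameid_format(message_xml: str) -> str:
    """Format of the first saml:NameID in a Response or LogoutRequest."""
    nameid = ET.fromstring(message_xml).find(".//saml:NameID", NS)
    if nameid is None:
        raise ValueError("message carries no saml:NameID")
    return nameid.get("Format", UNSPECIFIED)


def check_consistency(metadata_xml: str, login_response_xml: str,
                      logout_request_xml: str) -> list[str]:
    """Return a list of mismatch descriptions; empty means the three agree."""
    problems = []
    advertised = metadata_nameid_formats(metadata_xml)
    issued = nameid_format(login_response_xml)
    requested = nameid_format(logout_request_xml)
    if issued not in advertised:
        problems.append(f"IdP issued {issued!r} but SP metadata advertises {advertised!r}")
    if requested != issued:
        problems.append(f"LogoutRequest carries {requested!r} but login issued {issued!r}")
    return problems


def align_logout_request(logout_request_xml: str, login_response_xml: str) -> str:
    """Rewrite the LogoutRequest so its NameID (value and all attributes, Format
    included) is the one the IdP issued at login, which is what the IdP checks."""
    issued = ET.fromstring(login_response_xml).find(".//saml:NameID", NS)
    root = ET.fromstring(logout_request_xml)
    target = root.find(".//saml:NameID", NS)
    if issued is None or target is None:
        raise ValueError("both messages must carry a saml:NameID")
    target.text = issued.text
    target.attrib.clear()
    target.attrib.update(issued.attrib)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for problem in check_consistency(SP_METADATA, LOGIN_RESPONSE, LOGOUT_REQUEST):
        print("MISMATCH:", problem)
    fixed = align_logout_request(LOGOUT_REQUEST, LOGIN_RESPONSE)
    print("after alignment:", check_consistency(SP_METADATA, LOGIN_RESPONSE, fixed) or "consistent")
```

Run against captured messages from a real login/logout pair by replacing the three constructed strings; a non-empty list from `check_consistency` is the condition that makes ADFS reject the LogoutRequest in the scenario above.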