IDEA: Make SAML IdP entity format optional when CA SSO acts as IDP as when it acts as SP
Kobi Azran
Posted Jun 10, 2019 08:45 AM
Hello community,
As per the RFC
http://docs.oasis-open.org/security/saml/v2.0/sstc-saml-approved-errata-2.0.html
If the message is signed or if an enclosed assertion is encrypted, then the <Issuer> element MUST be present.
Otherwise it MAY be omitted.
If present it MUST contain the unique identifier of the issuing identity provider; the Format attribute MUST be omitted or have a value of urn:oasis:names:tc:SAML:2.0:nameid-format:entity.
Some SP providers do not support the entity format specification, which is acceptable as per the RFC, but when CA SSO is acting as IdP, the format specification is not optional (as opposed to when CA SSO is acting as SP).
This makes it impossible to implement SAML federation with some partners that use third-party SAML SP providers.
It is much needed to make this configuration optional and aligned with CA SSO acting as SP.
Thanks,
Kobi.
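
An added example, not part of the original post and not CA SSO code: a check of the Issuer rule quoted above, showing that a Response whose Issuer has no Format attribute and one with the entity Format both conform. The sample messages and the entity ID https://idp.example.test are constructed, and the signature is only checked for presence, not verified.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
ENTITY_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"


def check_response_issuer(xml_text):
    """Return violations of the quoted Issuer rule; an empty list means it conforms."""
    # Constructed input only; use a hardened XML parser for untrusted messages.
    root = ET.fromstring(xml_text)
    issuer = root.find("saml:Issuer", NS)
    signed = root.find("ds:Signature", NS) is not None
    encrypted = root.find("saml:EncryptedAssertion", NS) is not None
    problems = []
    if issuer is None:
        # Issuer MAY be omitted only when nothing is signed or encrypted.
        if signed or encrypted:
            problems.append("Issuer missing on signed/encrypted response")
        return problems
    if not (issuer.text or "").strip():
        problems.append("Issuer is empty")
    fmt = issuer.get("Format")
    # Format MUST be omitted or be the entity format.
    if fmt is not None and fmt != ENTITY_FORMAT:
        problems.append("Issuer Format is %r" % fmt)
    return problems


def sample(issuer_xml, signed=False):
    """Build a constructed, minimal Response around the given Issuer markup."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"] if signed else ""
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0">'
            % (NS["samlp"], NS["saml"])) + issuer_xml + sig + "</samlp:Response>"


ISSUER = '<saml:Issuer%s>https://idp.example.test</saml:Issuer>'
WITH_FORMAT = sample(ISSUER % (' Format="%s"' % ENTITY_FORMAT), signed=True)
NO_FORMAT = sample(ISSUER % "", signed=True)
WRONG_FORMAT = sample(ISSUER % ' Format="urn:example:other-format"', signed=True)
MISSING_SIGNED = sample("", signed=True)
MISSING_UNSIGNED = sample("", signed=False)

if __name__ == "__main__":
    for name in ("WITH_FORMAT", "NO_FORMAT", "WRONG_FORMAT", "MISSING_SIGNED", "MISSING_UNSIGNED"):
        print(name, check_response_issuer(globals()[name]) or "conforms")
```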