Symantec Access Management

 View Only
  • 1.  SAML 1.1 : NameQualifier

    Posted Aug 04, 2017 08:52 AM

    I am working on SAML 1.1 setup.

    (I understand that it is outdated and SAML 2.0 should be used instead, but there is a specific requirement and hence SAML 1.1)

    I want to send 'NameQualifier' attribute under 'NameIdentifier' in the SAML token to the Consumer.

    How can we configure it in SAML 1.1 Partnership Federation in SiteMinder ?

    Please suggest.


    NameQualifier="Some Value">123456789



  • 2.  Re: SAML 1.1 : NameQualifier
    Best Answer

    Broadcom Employee
    Posted Aug 08, 2017 12:35 PM


    I am afraid this can not be accomplished from CA SSO SAML 1.1 configuration, because there is no option given to modify the entry.

    Per specification, <NameQualifier> is an optional parameter, thus a vendor can choose either implement it or not to.

    <extension base="string">
    <attribute name="NameQualifier" type="string" use="optional"/>
    <attribute name="Format" type="anyURI" use="optional"/>

    This kind of limitation will explain why people move on to SAML 2 and as well as development effort.

    Maybe you could convince your partner to drop this requirement since it is optional, if you have to do this, then assertion customization Plug-in (also known as Custom code) will be the last resort.


    Hope this helps.