I am working on SAML 1.1 setup.
(I understand that it is outdated and SAML 2.0 should be used instead, but there is a specific requirement and hence SAML 1.1)
I want to send 'NameQualifier' attribute under 'NameIdentifier' in the SAML token to the Consumer.
How can we configure it in SAML 1.1 Partnership Federation in SiteMinder ?
<NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="Some Value">123456789 </NameIdentifier>
I am afraid this can not be accomplished from CA SSO SAML 1.1 configuration, because there is no option given to modify the entry.
Per specification, <NameQualifier> is an optional parameter, thus a vendor can choose either implement it or not to.
<extension base="string"><attribute name="NameQualifier" type="string" use="optional"/><attribute name="Format" type="anyURI" use="optional"/></extension>
This kind of limitation will explain why people move on to SAML 2 and as well as development effort.
Maybe you could convince your partner to drop this requirement since it is optional, if you have to do this, then assertion customization Plug-in (also known as Custom code) will be the last resort.
Hope this helps.