Symantec Access Management

Expand all | Collapse all

SAML 1.1 : NameQualifier

Jump to Best Answer
  • 1.  SAML 1.1 : NameQualifier

    Posted 08-04-2017 08:52 AM

    I am working on SAML 1.1 setup.

    (I understand that it is outdated and SAML 2.0 should be used instead, but there is a specific requirement and hence SAML 1.1)

    I want to send 'NameQualifier' attribute under 'NameIdentifier' in the SAML token to the Consumer.

    How can we configure it in SAML 1.1 Partnership Federation in SiteMinder ?

    Please suggest.

     

    <NameIdentifier
    Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    NameQualifier="Some Value">123456789
    </NameIdentifier>

    Regards,

    Anurag



  • 2.  Re: SAML 1.1 : NameQualifier
    Best Answer

    Posted 08-08-2017 12:35 PM

    Anurag,

    I am afraid this can not be accomplished from CA SSO SAML 1.1 configuration, because there is no option given to modify the entry.

    Per specification, <NameQualifier> is an optional parameter, thus a vendor can choose either implement it or not to.

    <extension base="string">
    <attribute name="NameQualifier" type="string" use="optional"/>
    <attribute name="Format" type="anyURI" use="optional"/>
    </extension>

    This kind of limitation will explain why people move on to SAML 2 and as well as development effort.

    Maybe you could convince your partner to drop this requirement since it is optional, if you have to do this, then assertion customization Plug-in (also known as Custom code) will be the last resort.

     

    Hope this helps.

     

    Hongxu