Symantec Access Management

  • 1.  SAML 1.1 : NameQualifier

    Posted Aug 04, 2017 08:52 AM

    I am working on SAML 1.1 setup.

    (I understand that it is outdated and SAML 2.0 should be used instead, but there is a specific requirement and hence SAML 1.1)

    I want to send 'NameQualifier' attribute under 'NameIdentifier' in the SAML token to the Consumer.

    How can we configure it in SAML 1.1 Partnership Federation in SiteMinder?

    Please suggest.

    <NameIdentifier
    Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    NameQualifier="Some Value">123456789
    </NameIdentifier>

    Regards,

    Anurag



  • 2.  Re: SAML 1.1 : NameQualifier
    Best Answer

    Broadcom Employee
    Posted Aug 08, 2017 12:35 PM

    Anurag,

    I am afraid this cannot be accomplished from CA SSO SAML 1.1 configuration, because there is no option given to modify the entry.

    Per specification, <NameQualifier> is an optional parameter, thus a vendor can choose either to implement it or not.

    <extension base="string">
    <attribute name="NameQualifier" type="string" use="optional"/>
    <attribute name="Format" type="anyURI" use="optional"/>
    </extension>

    This kind of limitation explains why people move on to SAML 2, as well as the development effort.

    Maybe you could convince your partner to drop this requirement, since it is optional. If you have to do this, then an assertion customization plug-in (also known as custom code) will be the last resort.

    Hope this helps.

    Hongxu
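
Added example, not part of either post and not CA SSO code: a Python check a partner could run on an assertion to see whether `NameIdentifier` carries the optional `NameQualifier`, treating its absence as schema-valid but reportable. The sample assertion, the function names and the expected-qualifier policy are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML11_NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # namespace shared by SAML 1.0 and 1.1
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

def sample_assertion(name_qualifier=None):
    """Constructed, unsigned, trimmed assertion (not schema-complete, not captured traffic)."""
    nq = f' NameQualifier="{name_qualifier}"' if name_qualifier is not None else ""
    return (
        f'<saml:Assertion xmlns:saml="{SAML11_NS}" MajorVersion="1" MinorVersion="1">'
        "<saml:AuthenticationStatement><saml:Subject>"
        f'<saml:NameIdentifier Format="{UNSPECIFIED}"{nq}>123456789\n'
        "</saml:NameIdentifier>"
        "</saml:Subject></saml:AuthenticationStatement></saml:Assertion>"
    )

def name_identifiers(assertion_xml):
    """Return value, Format and NameQualifier (None when absent) of each NameIdentifier."""
    # Assertions never need a DTD; refuse one rather than let the parser expand entities.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTD/entity declarations are not accepted in an assertion")
    root = ET.fromstring(assertion_xml)
    return [
        {
            "value": (el.text or "").strip(),  # the posted sample has a newline after the value
            "format": el.get("Format"),
            "name_qualifier": el.get("NameQualifier"),
        }
        for el in root.iter(f"{{{SAML11_NS}}}NameIdentifier")
    ]

def qualifier_problems(assertion_xml, expected_qualifier):
    """List mismatches against the qualifier a consumer expects (hypothetical partner policy)."""
    found = name_identifiers(assertion_xml)
    if not found:
        return ["no NameIdentifier in assertion"]
    problems = []
    for ni in found:
        if ni["name_qualifier"] is None:
            problems.append(f"NameIdentifier {ni['value']!r} has no NameQualifier")
        elif ni["name_qualifier"] != expected_qualifier:
            problems.append(f"NameQualifier {ni['name_qualifier']!r} != {expected_qualifier!r}")
    return problems

if __name__ == "__main__":
    for xml in (sample_assertion("Some Value"), sample_assertion()):
        print(name_identifiers(xml), qualifier_problems(xml, "Some Value"))
```

The check only reads the assertion. Adding the attribute has to happen on the producer side before the assertion is signed, since editing a signed assertion afterwards invalidates its signature.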