Hi Matthew,

I think you need to set the name id format in the frontend config like so:

    module: satosa.frontends.saml2.SAMLFrontend
    name: Saml2IDP
    config:
      idp_config:
        service:
          idp:
            name_id_format: ['urn:oasis:names:tc:SAML:2.0:nameid-format:persistent']

On 12-04-18 03:01, Matthew X. Economou wrote:

Dear all,

How do I force SATOSA to issue a persistent NameID for a given SP? The
SP's metadata includes the relevant NameIDFormat element inside the
SPSSODescriptor element:

https://gist.github.com/xenophonf/bc802a33a2e9caa2457e355c5b9d1651

However, SATOSA still issues a transient NameID in its SAML
AuthnResponse. What's especially frustrating is that I have this
working for another SP, so I'm not sure what I'm missing beyond the
NameIDFormat in the SP metadata.

Best wishes,
Matthew

--
Niels van Dijk Technical Product Manager Trust & Security
Mob: +31 651347657 | Skype: cdr-80 | PGP Key ID: 0xDE7BB2F5
SURFnet BV | PO.Box 19035 | NL-3501 DA Utrecht | The Netherlands
www.surfnet.nl www.openconext.org
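
Added example (not part of the original thread, and not SATOSA or pysaml2 code): a small Python check that compares the NameIDFormat values in an SP's metadata with the Format on the NameID in a decoded SAML Response, to confirm whether a frontend config change took effect. The entityID, NameID values and both XML documents are constructed; the response is unsigned and the script inspects it without validating any signature.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed SP metadata (hypothetical entityID) asking for a persistent NameID.
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    entityID="https://sp.example.org/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="{NS['samlp']}">
    <md:NameIDFormat>{PERSISTENT}</md:NameIDFormat>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def response_xml(fmt, value):
    """Build a constructed, unsigned SAML Response carrying one NameID."""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
            f'<saml:Assertion><saml:Subject>'
            f'<saml:NameID Format="{fmt}">{value}</saml:NameID>'
            f'</saml:Subject></saml:Assertion></samlp:Response>')

def requested_formats(metadata_xml):
    """NameIDFormat values listed under SPSSODescriptor in the SP metadata."""
    root = ET.fromstring(metadata_xml)
    found = root.findall(".//md:SPSSODescriptor/md:NameIDFormat", NS)
    return [e.text.strip() for e in found if e.text]

def issued_format(resp_xml):
    """Format of the cleartext NameID in the response, or None if absent."""
    name_id = ET.fromstring(resp_xml).find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:
        return None  # e.g. encrypted assertion or EncryptedID: decrypt first
    return name_id.get("Format", UNSPECIFIED)  # omitted Format is treated as unspecified

def check(metadata_xml, resp_xml):
    """Report whether the issued NameID format is one the SP metadata lists."""
    wanted, got = requested_formats(metadata_xml), issued_format(resp_xml)
    return {"requested": wanted, "issued": got,
            "ok": got is not None and (not wanted or got in wanted)}

if __name__ == "__main__":
    print(check(SP_METADATA, response_xml(TRANSIENT, "_constructed-transient-id")))
    print(check(SP_METADATA, response_xml(PERSISTENT, "constructed-persistent-id")))
```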