From: Krzysztof B. <kb...@un...> - 2021-09-23 10:45:32
Hi Sander,

On 23.09.2021 at 07:17, Sander Apweiler wrote:
> Good morning Krzysztof,
> good morning Roman,
>
> I have two short questions about SAML NameID and unity. In past weeks I
> got two user tickets because their login with 3rd party IdP failed. In
> both cases the log showed that the IdP did not use NameID format. Both
> IdP admins said they didn't change it or didn't send it in past. Did
> unity become more strict here between 3.3.4 and 3.5.1?

Well, I don't recall anything clearly related, but it is a bit hard to say without knowing a bit wider context. Do I read this correctly that the SAML answer contained NameID without specifying the format attribute? - which in general means that the format is unspecified. Can you write which element had this nameID? Is it about the authenticated entity? Or the IdP identifier? The Unity log would also be very helpful here, especially if it contains some error.

> One IdP admin reported the NameIdPolicy in AuthRequest is empty, see
> screenshot. Is this intended?

AFAIR this is configurable: the unity authenticator has an "accepted name formats" config, and you can leave it empty, which would allow any format (and the NameIdPolicy you have pasted).

HTH,
Krzysztof
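An added diagnostic sketch, not part of the original message and not Unity's code: it reports the effective Format of the Issuer and the Subject NameID in an assertion, applying the SAML 2.0 Core defaults when the attribute is omitted (Issuer defaults to `entity`, NameID to `unspecified`). The sample assertion is constructed, and `subject_format_accepted` is a hypothetical check modelled on the "accepted name formats" behaviour described above.

```python
import xml.etree.ElementTree as ET
# Note: for assertions from untrusted sources, parse with a hardened XML
# parser (e.g. defusedxml) and verify the signature before trusting content.

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified"
ENTITY = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample assertion (not from the thread): neither element has Format.
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML}">
  <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe@example.org</saml:NameID></saml:Subject>
</saml:Assertion>"""


def effective_formats(assertion_xml):
    """Return {element: (value, effective Format)} for Issuer and Subject NameID."""
    root = ET.fromstring(assertion_xml)
    found = {}
    # SAML 2.0 Core defaults when Format is absent:
    # Issuer -> entity, NameID -> unspecified.
    for label, path, default in (
        ("Issuer", f"{{{SAML}}}Issuer", ENTITY),
        ("Subject/NameID", f"{{{SAML}}}Subject/{{{SAML}}}NameID", UNSPECIFIED),
    ):
        el = root.find(path)
        if el is not None:
            found[label] = ((el.text or "").strip(), el.get("Format", default))
    return found


def subject_format_accepted(assertion_xml, accepted_formats):
    """Hypothetical check: an empty accepted list allows any format."""
    subject = effective_formats(assertion_xml).get("Subject/NameID")
    if subject is None:
        return False
    return not accepted_formats or subject[1] in accepted_formats


if __name__ == "__main__":
    for name, (value, fmt) in effective_formats(SAMPLE).items():
        print(f"{name}: {value!r} format={fmt}")
    print("accepted with empty list:", subject_format_accepted(SAMPLE, []))
    print("accepted with emailAddress only:", subject_format_accepted(SAMPLE, [EMAIL]))
```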