24a2773524
The NameID Format in the AuthnRequest NameIDPolicy is now respected, and support has been added for the following NameID Formats:

- urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
- urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient

The persistent NameID format was previously used in all responses and mapped to the principal's username. Now, unspecified is mapped to the principal's username and used by default if no NameIDPolicy is specified by the SP. The persistent format requires generating a pseudo-random identifier that must be generated by the IdP on first login and stored in the user's profile. Persistent NameID Format is not yet implemented.

The certificate is now added to the signature to enable support for integration with Service Providers where only the IdP's certificate fingerprint is configured (e.g. Zendesk).