Presume this one Ian?
2.3.2.1.1 Recommended Name and Syntax
That explains nicely why they think there should be a persistent ID but
the spec states:
'New applications are encouraged to use this newer syntax, when possible'.
In this case it's not possible but being used anyway. They're looking for
a unique identifier for the user and seem surprised at the contents of
eduPersonTargetedID. I can see why now. They're expecting a SAML2 NameID.
What I can't work out is why they expect a NameID when there is no SAML2
format attribute. That's in Subject/NameIdentifier in SAML1.
Thanks for that Ian though, clears some of the confusion, I think.
-------------------
Alistair Young
Àrd Innleadair air Bathair-bog
UHI@Sabhal Mòr Ostaig
On 05/12/2012 12:59, "Ian Young" <[log in to unmask]> wrote:
>
>On 5 Dec 2012, at 12:37, Alistair Young <[log in to unmask]> wrote:
>
>> so why would they be expecting attributes
>> associated with SAML2 profiles?
>
>They're not. Although the NameID is a SAML 2 construct, that *encoding*
>of targeted ID is a SAML 1 *encoding* for use with SAML 1 profiles. See
>the MACE-Dir attribute profile specification, section 2.3.2.1.1 for more
>explanation than most people would want.
>
> -- Ian
>
>
>