* Mark Cairney [2019-09-09 15:51]:
> We've just had an update from LexisNexis about this:
I have not been following this thread but note that we've had a
somewhat related conversation with LexisNexis about the fact that
their new SP always requested NameID formats even when it shouldn't --
IIRC it explicitly requested transient in our case, which does not
make much sense (unless you're aiming for SLO support, which is not
relevant here).
It's been a few months but AFAIR they managed to configure -- for us
only? -- the SP to not ask for any specific NameID formats in authn
requests so that this can be more interoperably managed via SAML
metadata. (We list a NameIDFormat of persistent in their metadata
first which at least Shib IDPs will use as a trigger to send a proper
persistent NameID in the Assertion's Subject element.)
Now *not* asking for any specific NameID format in the SAML authn
request should obviously be the default but if they really want to
configure this per each individual IDP... sigh.
-peter
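
The NameID format selection discussed in the message above, as an added example that is not part of the original post: it checks whether an SP's authn request pins a NameID format and, if not, falls back to the first NameIDFormat in the SP's metadata. The sample XML, entityID and function names are constructed for illustration, and the precedence shown is a simplified model of the IdP behaviour the post describes.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"samlp": SAMLP, "md": MD}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed samples, trimmed to the parts that matter here; not from a real SP.
REQ_PLAIN = f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_c1" Version="2.0"/>'
REQ_TRANSIENT = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_c2" Version="2.0">'
                 f'<samlp:NameIDPolicy Format="{TRANSIENT}"/></samlp:AuthnRequest>')
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.org/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="{SAMLP}">
    <md:NameIDFormat>{PERSISTENT}</md:NameIDFormat>
    <md:NameIDFormat>{TRANSIENT}</md:NameIDFormat>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def requested_format(authn_request_xml):
    """Format the SP explicitly asks for, or None if the choice is left to the IdP."""
    policy = ET.fromstring(authn_request_xml).find("samlp:NameIDPolicy", NS)
    fmt = policy.get("Format") if policy is not None else None
    # An absent Format and 'unspecified' both mean "no particular format requested".
    return None if fmt in (None, UNSPECIFIED) else fmt


def metadata_formats(sp_metadata_xml):
    """NameIDFormat values in the order the SP's metadata lists them."""
    root = ET.fromstring(sp_metadata_xml)
    found = root.findall("md:SPSSODescriptor/md:NameIDFormat", NS)
    return [e.text.strip() for e in found if e.text]


def effective_format(authn_request_xml, sp_metadata_xml):
    """Simplified precedence: explicit request, then first metadata format."""
    requested = requested_format(authn_request_xml)
    if requested:
        return requested, "AuthnRequest"
    formats = metadata_formats(sp_metadata_xml)
    return (formats[0], "metadata") if formats else (None, "idp-default")


if __name__ == "__main__":
    for name, req in (("plain", REQ_PLAIN), ("transient", REQ_TRANSIENT)):
        print(name, effective_format(req, SP_METADATA))
```

With the explicit request, the persistent entry listed first in metadata is never consulted, which is why the request has to stop naming a format before the metadata ordering takes effect.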