Comments (7)
@crewjam Ah, I should have kept that PR opened, I closed it because we ended up using a fork. However, my original point is still valid, as per section 8.3.1 and 8.3.2 of the specifications:
urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified should be urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress should be urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
from saml.
Running into the same problem, looks like a copy-and-paste error, unspecified and emailAddress are both defined in SAML 1.1 instead of 2.0 according to http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
from saml.
I am getting this error too even though my request has a NameIDPolicy properly formatted.
My request is:
<samlp:AuthnRequest
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="id-034bf268652648235617a4249a1d891d4698b4af"
    Version="2.0" IssueInstant="2017-11-22T15:58:08.243Z"
    Destination="https://adfs.service.com/adfs/ls/" ForceAuthn="false"
    AssertionConsumerServiceURL="https://alba.group/saml/acs"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
  <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://alba.group/saml/metadata</saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" AllowCreate="true"/>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
where I also added the RequestedAuthnContext thinking it was the source of the error (the XML does not validate against the SAML XSD without it) to no avail.
The response I get from ADFS is this one:
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy" />
But why am I getting that error?
I also changed the code that @danielamiao suggested above but this is not changing the response.
from saml.
I noticed #111 was closed. My read is that the name ID formats are correct. c.f. section 8.3.2 of http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
from saml.
@meetmauro I have the exact same problem as you, were you able to resolve it?
from saml.
@crewjam Is it possible to get a fix for this?
from saml.
fixed in [6e8a81a]
from saml.
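The format URIs this thread argues over can be checked mechanically against the identifiers defined in section 8.3 of saml-core-2.0-os. The following is an added example in Go, not code from the saml project; the function names and the sample request are constructed for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

const p11, p20 = "urn:oasis:names:tc:SAML:1.1:nameid-format:", "urn:oasis:names:tc:SAML:2.0:nameid-format:"
// Formats defined in saml-core-2.0-os section 8.3, plus "encrypted" (section 3.4.1.1).
var specFormats = map[string]bool{
	p11 + "unspecified": true, p11 + "emailAddress": true, p11 + "X509SubjectName": true,
	p11 + "WindowsDomainQualifiedName": true, p20 + "kerberos": true, p20 + "entity": true,
	p20 + "persistent": true, p20 + "transient": true, p20 + "encrypted": true,
}

// authnRequest decodes only the NameIDPolicy Format attribute.
type authnRequest struct {
	Policy struct {
		Format string `xml:"Format,attr"`
	} `xml:"urn:oasis:names:tc:SAML:2.0:protocol NameIDPolicy"`
}

// CheckNameIDFormat returns "" for an absent or spec-defined format, else a finding.
func CheckNameIDFormat(format string) string {
	if format == "" || specFormats[format] {
		return ""
	}
	for _, p := range [][2]string{{p20, p11}, {p11, p20}} { // right name, wrong version prefix
		if alt := p[1] + strings.TrimPrefix(format, p[0]); strings.HasPrefix(format, p[0]) && specFormats[alt] {
			return "not defined in the spec; did you mean " + alt
		}
	}
	return "custom URI, not one of the spec-defined formats"
}

// CheckAuthnRequest parses an AuthnRequest and checks its NameIDPolicy Format.
func CheckAuthnRequest(doc string) (string, error) {
	var req authnRequest
	if err := xml.Unmarshal([]byte(doc), &req); err != nil {
		return "", err
	}
	return CheckNameIDFormat(req.Policy.Format), nil
}

// Constructed sample request (not from the thread) carrying a mis-versioned URI.
const sample = `<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="id-1" Version="2.0">
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"/></samlp:AuthnRequest>`

func main() { fmt.Println(CheckAuthnRequest(sample)) }
```

A `transient` format such as the one in the ADFS request above passes this check, so an `InvalidNameIDPolicy` status in that case points at the IdP's configured policy rather than at a misspelt URI.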