-
1. AuthnRequest does not contain a NameIDPolicy
anil.saldhana Feb 1, 2011 10:22 AM (in response to jonananas)1 of 1 people found this helpfulI created : https://issues.jboss.org/browse/PLFED-133
Ideally the IDP should fallback to whatever mechanism it wants as default.
This is one of the gray areas in interoperabilities with various IDPs.
-
2. AuthnRequest does not contain a NameIDPolicy
jonananas Feb 1, 2011 2:37 PM (in response to anil.saldhana)Thank you!
To clarify: If I understand the issue correctly; this means that I cannot provide a NameIDPolicy-element until the issue is solved?
-- Jonas
-
3. AuthnRequest does not contain a NameIDPolicy
anil.saldhana Feb 1, 2011 3:11 PM (in response to jonananas)Yeah. PicketLink AuthnRequest creation was not adding the NameIDPolicy element. It will be available as part of the PL2 builds coming out soon.
-
4. AuthnRequest does not contain a NameIDPolicy
jonananas Feb 2, 2011 2:27 AM (in response to anil.saldhana)Ok, thanks!
-
5. AuthnRequest does not contain a NameIDPolicy
jonananas Feb 2, 2011 8:53 AM (in response to anil.saldhana)By the way, do I dare to ask what "soon" means?
Stable release in Q1? Q2?
-- Jonas
-
6. Re: AuthnRequest does not contain a NameIDPolicy
anil.saldhana Feb 2, 2011 11:38 AM (in response to jonananas)I define stability as "help from the community in identifying bugs". Until that happens, cannot really say, how soon...
This week, we will put out PL2 builds that I am hoping community members will test and report bugs against.
But Iam thinking PL2 stable should be out in 45-60 day time frame.
-
7. Re: AuthnRequest does not contain a NameIDPolicy
toddstory Mar 2, 2011 9:46 AM (in response to anil.saldhana)Is it possible to control the generation of this element (i.e. omit, or not to use transient)? I just read the original issue and it looks like this isn't configurable.
-
8. Re: AuthnRequest does not contain a NameIDPolicy
anil.saldhana Mar 2, 2011 10:13 AM (in response to toddstory)I will be documenting it right now. We are working on documentation for PicketLink 2. So will include the information.
-
9. AuthnRequest does not contain a NameIDPolicy
jonananas Apr 11, 2011 9:42 AM (in response to anil.saldhana)I am not getting a NameIDPolicy element in my AuthnRequest using the current PL2 trunk.
It seems like when the samlRequest reaches SAMLRequestWriter.write(AuthnRequestType request) it does not have a nameIDPolicy, I will investigate this further tomorrow, but if you have a clue why that would be great
-- Jonas
-
10. Re: AuthnRequest does not contain a NameIDPolicy
jonananas Apr 11, 2011 12:49 PM (in response to jonananas)Is there a reason createAuthnRequest in org.picketlink.identity.seam.federation.SamlMessageFactory is not using SAML2Request?
When I changed it into
public AuthnRequestType createAuthnRequest()
{
SAML2Request saml2request = new SAML2Request();
try {
return saml2request.createAuthnRequestType(generateId(),
serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE), null,
serviceProvider.getSamlConfiguration().getEntityId());
} catch (ConfigurationException e) {
throw new RuntimeException(e);
}
}
it works...
-- Jonas
-
11. Re: AuthnRequest does not contain a NameIDPolicy
anil.saldhana Apr 11, 2011 1:32 PM (in response to jonananas)The Seam workspace was developed by Marcel independently. So he may have not really been aware of the SAML2Request class. I will update the usage.
Since you are working on the workspaces, you can get commit rights if you wish. All you have to do is sign up as a contributor at http://jboss.org/contribute
Then you can fix all these minor issues by creating a JIRA at https://issues.jboss.org/browse/PLFED
-
12. AuthnRequest does not contain a NameIDPolicy
anil.saldhana Apr 12, 2011 11:04 AM (in response to anil.saldhana)Jonas, thanks for signing the CLA. I have added commit rights to your username "jonananas"
If that username is wrong, please tell me the right one.
The committer svn is https://svn.jboss.org/repos/picketlink/
-
13. Re: AuthnRequest does not contain a NameIDPolicy
jonananas Apr 12, 2011 12:55 PM (in response to anil.saldhana)Username is correct, I can access the repo.
This is off topic, but can I find an eclipse-preferences xml-file you use for picketlink somewhere?
My prefs are not the same as picketlinks, and I don't want to mess up the repo by committing tabs instead of whitespaces etc...
-
14. AuthnRequest does not contain a NameIDPolicy
anil.saldhana Apr 12, 2011 12:57 PM (in response to jonananas)Give me a few mins. I will check it in.