IDP Sending wrong SAML Token Version
jdonofrio Jan 5, 2015 4:17 PM
I was following some of the quickstarts for picketlink federation and noticed that when I do IDP initiated SSO to my SP, the token is version 1.1 even though I am specifying the parameter SAML_VERSION=2.0 in the request.
I am using wildfly-8.2.0.Final.
The link in my jsp file looks like this:
<li>SAML 2.0 IdP-Initiated SSO: <a id="saml_2_sales_link2" href="?SAML_VERSION=2.0&TARGET=http%3A//localhost%3a8080/picketWeb2/">Picket Web2 SAML 2.0</a> (<i>make sure you have deployed the picketWeb2 application</i>)</li>
This is the decoded SAML response token.
<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" IssueInstant="2015-01-04T02:11:10.301Z" MajorVersion="1" MinorVersion="1" ResponseID="ID_19056c2c-e0c6-454b-b25a-ff4f750b4ad0">
<samlp:Status>
<samlp:StatusCode Value="samlp:Success"/>
</samlp:Status>
<saml:Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="ID_8ad36896-86a0-4d26-b81b-5de8618f8d06" IssueInstant="2015-01-04T02:11:10.279Z" Issuer="http://localhost:8080/picketIdp/" MajorVersion="1" MinorVersion="1">
<saml:Conditions NotBefore="2015-01-04T02:11:09.279Z" NotOnOrAfter="2015-01-04T02:11:16.279Z"/>
<saml:AuthenticationStatement AuthenticationInstant="2015-01-04T02:11:10.279Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
<saml:Subject>
<saml:NameIdentifier>user1</saml:NameIdentifier>
</saml:Subject>
</saml:AuthenticationStatement>
<saml:AttributeStatement>
<saml:Attribute AttributeName="Role" AttributeNamespace="urn:picketlink:role">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">role1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute AttributeName="Role" AttributeNamespace="urn:picketlink:role">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">role2</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>
Any ideas why the token being sent is for SAML 1.1?
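An added example, not part of the original post and not PicketLink code: a small check that reads the SAML version a decoded or base64-encoded Response actually declares, which is how the 1.1 token above can be told apart from a 2.0 one on the SP side. The function names and both sample messages are constructed for illustration; the first sample is modelled on the response in the post.

```python
import base64
import xml.etree.ElementTree as ET

# Protocol namespaces from the SAML specifications (1.0 and 1.1 share one).
SAML1_PROTOCOL_NS = "urn:oasis:names:tc:SAML:1.0:protocol"
SAML2_PROTOCOL_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample modelled on the SAML 1.1 response shown in the post.
SAMPLE_11 = (b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" '
             b'IssueInstant="2015-01-04T02:11:10.301Z" MajorVersion="1" '
             b'MinorVersion="1" ResponseID="ID_example">'
             b'<samlp:Status><samlp:StatusCode Value="samlp:Success"/>'
             b'</samlp:Status></samlp:Response>')
# Constructed sample of what a SAML 2.0 response root looks like.
SAMPLE_20 = (b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
             b'ID="ID_example" Version="2.0" IssueInstant="2015-01-04T02:11:10Z"/>')


def saml_response_version(xml_bytes):
    """Return the version ('1.0', '1.1' or '2.0') declared by a Response."""
    # SAML messages never need a DTD, so refuse one before parsing.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DOCTYPE/ENTITY declarations are not allowed")
    root = ET.fromstring(xml_bytes)
    if not root.tag.startswith("{"):
        raise ValueError("root element has no namespace")
    ns, local = root.tag[1:].split("}", 1)
    if local != "Response":
        raise ValueError("root element is not a Response")
    if ns == SAML2_PROTOCOL_NS:
        version = root.get("Version")            # SAML 2.0: single attribute
    elif ns == SAML1_PROTOCOL_NS:
        major, minor = root.get("MajorVersion"), root.get("MinorVersion")
        version = f"{major}.{minor}" if major and minor else None
    else:
        raise ValueError(f"unknown protocol namespace: {ns!r}")
    if version is None:
        raise ValueError("version attribute(s) missing")
    return version


def check_posted_response(b64_value, expected="2.0"):
    """Decode a SAMLResponse form value and compare it to the expected version."""
    compact = "".join(b64_value.split())         # tolerate wrapped base64
    actual = saml_response_version(base64.b64decode(compact, validate=True))
    return actual == expected, actual


if __name__ == "__main__":
    print(check_posted_response(base64.b64encode(SAMPLE_11).decode()))
```

This only reports the declared version; it does not validate signatures or conditions.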