|
11/11/2014 11:42:29 PM
Formats and include certificate in signature
|
11/11/2014 10:24:51 PM
NameID Format in the AuthnRequest NameIDPolicy is now respected,
and support has been added for the following NameID Formats:
- urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
- urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- urn:oasis:names:tc:SAML:2.0:nameid-format:transient

The persistent NameID format was previously used in all responses
and mapped to the principal's username. Now, unspecified is mapped
to the principal's username and used by default if no NameIDPolicy
is specified by the SP.
The persistent format requires generating a pseudo-random identifier
that must be generated by the IdP on first login and stored in the
user's profile. Persistent NameID Format is not yet implemented.
The certificate is now added to the signature to enable support for
integration with Service Providers where only the IdP's certificate
fingerprint is configured (e.g. Zendesk).
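
The fingerprint check an SP of this kind performs on the embedded certificate can be sketched as follows. This is an added example, not code from this commit or project; the function names, the SHA-256 choice and the sample message are assumptions, and the sample certificate bytes are constructed stand-ins.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed stand-in bytes, not a real X.509 certificate: the fingerprint is
# a hash over the decoded DER bytes, so any byte string shows the comparison.
SAMPLE_DER = b"constructed-idp-certificate-der-bytes"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()

# Constructed, trimmed SAML Response carrying the certificate in ds:KeyInfo.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <ds:Signature xmlns:ds="{DS}">
    <ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        {SAMPLE_B64}
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo>
  </ds:Signature>
</samlp:Response>"""


def normalize(fp):
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex; return lowercase hex."""
    return fp.replace(":", "").replace(" ", "").lower()


def embedded_fingerprints(xml_text):
    """SHA-256 fingerprint of every ds:X509Certificate in the message."""
    root = ET.fromstring(xml_text)
    out = []
    for node in root.iter(f"{{{DS}}}X509Certificate"):
        der = base64.b64decode("".join((node.text or "").split()))
        out.append(hashlib.sha256(der).hexdigest())
    return out


def certificate_is_pinned(xml_text, configured_fp):
    """True only if a certificate is embedded and every one matches the pin.

    This only selects the key the SP will trust; the XML signature must still
    be verified with that certificate before the assertion is accepted.
    """
    pin = normalize(configured_fp)
    found = embedded_fingerprints(xml_text)
    # No KeyInfo certificate, or any certificate other than the pin: fail closed.
    return bool(found) and all(hmac.compare_digest(f, pin) for f in found)
```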
|
11/11/2014 12:20:46 PM
to 2.7.0.CR2 and ldap improvements
|