Closed TumaMilan closed 4 months ago
What IdP are you using? If the NameId element is defined in the SAMLResponse, its value should not be empty.
Unfortunately, this is the subject of a philosophical question. My IdP strictly binds NameId to email. In some special justified cases user has not email filled. For our use case it would be OK, to have empty NameId and read another data from atributes. I know, without NameId user cannot logout, but i tis not needed. Why Toolkit disables use empty NameId, but omitted NameId is all right? Don’t understand. Thank for our help Milan Tůma
From: Sixto Martin @.> Sent: Friday, April 26, 2024 9:16 PM To: SAML-Toolkits/php-saml @.> Cc: Tůma Milan @.>; Author @.> Subject: Re: [SAML-Toolkits/php-saml] enable empty nameId when wantNameId is false (PR #577)
What IdP are you using? If the NameId element is defined in the SAMLResponse, its value should not be empty.
— Reply to this email directly, view it on GitHubhttps://github.com/SAML-Toolkits/php-saml/pull/577#issuecomment-2079985926, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AP3E77ZGXKXBGRGXHEXRSNTY7KRYLAVCNFSM6AAAAABESTZYROVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANZZHE4DKOJSGY. You are receiving this because you authored the thread.Message ID: @.**@.>>
Thank you very much!
From: Sixto Martin @.> Sent: Monday, May 13, 2024 1:14 PM To: SAML-Toolkits/php-saml @.> Cc: Tůma Milan @.>; Author @.> Subject: Re: [SAML-Toolkits/php-saml] enable empty nameId when wantNameId is false (PR #577)
Fair. Fixed here: 2cc0576https://github.com/SAML-Toolkits/php-saml/commit/2cc05760ca04bab315da773be2113ca2e9fa44e3
— Reply to this email directly, view it on GitHubhttps://github.com/SAML-Toolkits/php-saml/pull/577#issuecomment-2107299906, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AP3E772HI4XHEYCIE2A33VTZCCN75AVCNFSM6AAAAABESTZYROVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBXGI4TSOJQGY. You are receiving this because you authored the thread.Message ID: @.**@.>>
We are facing issues when our IP sends empty nameId. There is no reason to throw Exception when I set setting wantNameId as false. Disabling _strict is not good way, I thing. Thank you!