Hello! First off, thanks for creating this app. I'm just getting my feet wet with SAML integration in a Ruby app and this is a handy tool.
I encountered a couple issues along the way and want to share my fixes. If they should be broken up into separate PRs, let me know.
Conditions position
The SP library I'm using validates SAML responses with this XSD: https://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd. As far as I can tell, this XSD is the standard.
TIL that validating XML with XSD is sensitive to the order of elements in the document.
I ran into a validation error since Conditions was appearing after the AudienceRestriction, but according to the XSD, it should be before it. https://www.samltool.com/validate_xml.php
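SPNameQualifier
The SP library I'm using by default wants the SPNameQualifier to match our ID. Otherwise it thinks the response is invalid. According to the SAML specification, the field is:
Further qualifies a name with the name of a service provider or affiliation of providers. This attribute provides an additional means to federate names on the basis of the relying party or parties.
So I think it makes sense that it match the service provider ID rather than be hardcoded.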
Issuer
This one didn't specifically cause me a problem, but I was confused to see in the response that Issuer was not correct for how I was running the IDP. I'm running via Docker with a different port