handnot2 / samly

Elixir Plug library to enable SAML 2.0 SP SSO in Phoenix/Plug applications.
MIT License

Multiple NameIDFormat in IdP metadata #63

Open Sgoettschkes opened 5 months ago

Sgoettschkes commented 5 months ago

We have the following part in an IdP metadata:

<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>

When initiating a login with this IdP, the SP sends the following value:

<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" />

No nameid_format was set in the IdP configuration.

I wasn't able to fully verify this with the specification, so I am not sure what the correct way to handle this is, but I suspect that just concatenating all 4 values is not correct?
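The following is an added example (Python with xml.etree, chosen so it runs stand-alone; it is not samly's code and not a description of how samly builds the value). It parses an IdP metadata fragment constructed from the four NameIDFormat values quoted above (the entityID and SSO Location are made up), shows the concatenated string that results from joining the text nodes, and then does what an SP should do instead: keep the formats as a list, pick one against the SP's own preference order, and refuse to emit a NameIDPolicy whose Format is not a single NameIDFormat URI.

```python
"""Pick one NameIDFormat from IdP metadata and emit a well-formed NameIDPolicy.

Added example, not samly's own code.  IDP_METADATA is constructed from the
four NameIDFormat values quoted in the issue; entityID and SSO Location are
placeholders.
"""
from typing import List, Optional
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS = {"md": MD, "samlp": SAMLP}
ET.register_namespace("samlp", SAMLP)

PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# NameIDFormat URIs registered in SAML 2.0 Core section 8.3.  A deployment
# with a custom format adds its URI here; each entry is exactly one URI.
KNOWN_FORMATS = {
    PERSISTENT, TRANSIENT, UNSPECIFIED, EMAIL,
    "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
}

# Constructed IdP metadata: only the elements this example needs.
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://idp.example.org/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="{SAMLP}">
    <md:NameIDFormat>{PERSISTENT}</md:NameIDFormat>
    <md:NameIDFormat>{TRANSIENT}</md:NameIDFormat>
    <md:NameIDFormat>{UNSPECIFIED}</md:NameIDFormat>
    <md:NameIDFormat>{EMAIL}</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                            Location="https://idp.example.org/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def supported_formats(metadata_xml: str) -> List[str]:
    """IdP NameIDFormat values as a list, one URI per element, in metadata order."""
    root = ET.fromstring(metadata_xml)
    nodes = root.findall("md:IDPSSODescriptor/md:NameIDFormat", NS)
    return [n.text.strip() for n in nodes if n.text]


def concatenated_formats(metadata_xml: str) -> str:
    """Reproduce the symptom from the issue by joining every NameIDFormat text
    node into one string.  Shows what the bad value looks like; it is not a
    claim about how samly produces it."""
    return "".join(supported_formats(metadata_xml))


def is_single_format(value: str) -> bool:
    """True only for exactly one known NameIDFormat URI, so a concatenation fails."""
    return value in KNOWN_FORMATS


def choose_format(idp_formats: List[str], sp_preference: List[str]) -> Optional[str]:
    """First SP-preferred format the IdP advertises.  With no SP preference,
    take the first format the IdP lists.  None means no common format."""
    for fmt in sp_preference:
        if fmt in idp_formats:
            return fmt
    return idp_formats[0] if idp_formats and not sp_preference else None


def build_name_id_policy(fmt: str, allow_create: bool = True) -> str:
    """Serialize <samlp:NameIDPolicy> with a single Format, refusing malformed values."""
    if not is_single_format(fmt):
        raise ValueError(f"NameIDPolicy Format must be one NameIDFormat URI, got {fmt!r}")
    el = ET.Element(f"{{{SAMLP}}}NameIDPolicy",
                    Format=fmt, AllowCreate="true" if allow_create else "false")
    return ET.tostring(el, encoding="unicode")


if __name__ == "__main__":
    formats = supported_formats(IDP_METADATA)
    print("IdP supports:", formats)
    print("Joined text nodes (the symptom):", concatenated_formats(IDP_METADATA))
    chosen = choose_format(formats, [EMAIL, PERSISTENT])
    print(build_name_id_policy(chosen))
```

The SP preference list plays the role that a configured nameid_format would play: when one is configured and the IdP advertises it, that is the value sent; when nothing is configured, one advertised format is chosen rather than all of them. The membership check on KNOWN_FORMATS is deliberately strict, so a deployment using a non-registered format has to add it explicitly instead of letting an arbitrary string through.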

rpylipow commented 1 week ago

@Sgoettschkes I've run into this recently as well. You may consider moving this issue over to https://github.com/dropbox/samly, as I believe that is the maintainer now.

Sgoettschkes commented 1 week ago

The Dropbox fork does not have issues enabled, so I figured they might look here.