italia / spid-sp-shibboleth

SPID middleware based on Shibboleth
Creative Commons Zero v1.0 Universal
13 stars 5 forks

NameQualifier must match entityID #27

Closed francescm closed 3 years ago

francescm commented 3 years ago

It turns out that the NameQualifier property in the Issuer tag of the request has to match the entityID. Remove the instructions about dealing with NameQualifier != entityID because they are confusing.

ziobob94 commented 5 months ago

Hello everyone,

I wanted to share a solution to a problem I've resolved, which is thoroughly explained in the official Technical Rules documentation.

Contrary to what is indicated in the documentation, to ensure that the "NameQualifier" field is accepted, it's necessary to add the <saml:Subject> element.

Here's the template I've devised:

```xml
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="{ID}" Version="2.0" IssueInstant="{IssueInstant}" Destination="{Destination}"
    AssertionConsumerServiceURL="{AssertionConsumerServiceURL}" ProtocolBinding="{ProtocolBinding}"
    AttributeConsumingServiceIndex="{AttributeConsumingServiceIndex}" ForceAuthn="{ForceAuthn}">
  <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
      NameQualifier="{NameQualifier}">{NameQualifier}</saml:Issuer>
  <!-- The Subject and RequestedAuthnContext tags were stripped when the comment was rendered;
       only their text content survived. They are reconstructed here from the SAML 2.0 schema. -->
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
        NameQualifier="{NameQualifier}">{NameQualifier}</saml:NameID>
  </saml:Subject>
  <samlp:RequestedAuthnContext>
    <saml:AuthnContextClassRef>https://www.spid.gov.it/SpidL{Level}</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
```

Please note the ID generation. I'm also sharing the function to generate it:

```javascript
export function generateAuthnRequestId() {
  // The ID attribute is an xs:ID (NCName): it must not start with a digit,
  // so the first character is drawn from a restricted alphabet.
  const validStartChars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_';
  const validChars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_';
  let generatedString = validStartChars.charAt(Math.floor(Math.random() * validStartChars.length));
  const remainingLength = 42 - 1;
  for (let i = 0; i < remainingLength; i++) {
    generatedString += validChars.charAt(Math.floor(Math.random() * validChars.length));
  }
  return generatedString;
}
```

Remember to sign this document in the case of BINDING: POST.