
saml-dev message



Subject: Re: [saml-dev] Attribute equality during AttributeQuery


Speaking as an implementer, you ignore the concept of profiles and
strictly enforce equality on both fields, or possibly treat unspecified as
a wildcard that treats Name as the only comparator.

I think this is a defendable way to interpret the spec, as it shows similarity to the way NameID-Formats are handled (SAML Core 3.4.1.1): "If the Format value is omitted or set to urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified, then the identity provider is free to return any kind of identifier, subject to any additional constraints due to the content of this element or the policies of the identity provider or principal."

So an incoming attribute with unspecified NameFormat will match anything as long as the attribute name defined on the server is the same, but an attribute with unspecified NameFormat on the server will not match an AttributeQuery requesting an attribute with basic NameFormat.

Thanks for your help, really appreciate it.

Regards,
Peter
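
The matching rule described in the message above, as an added example that is not part of the original post or of any SAML implementation: the function names, the sample query and the server attribute list are constructed for illustration. It assumes the request has already passed signature and issuer checks, and it reads an omitted NameFormat as unspecified, which is the default SAML Core gives for that attribute.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Constructed sample request (not taken from the thread).
SAMPLE_QUERY = f"""<samlp:AttributeQuery xmlns:samlp="{SAMLP_NS}"
    xmlns:saml="{SAML_NS}" ID="_constructed" Version="2.0"
    IssueInstant="2024-01-01T00:00:00Z">
  <saml:Subject><saml:NameID>user@example.org</saml:NameID></saml:Subject>
  <saml:Attribute Name="mail"/>
  <saml:Attribute Name="givenName" NameFormat="{BASIC}"/>
  <saml:Attribute Name="uid" NameFormat="{BASIC}"/>
</samlp:AttributeQuery>"""

# Constructed server-side attribute definitions as (Name, NameFormat).
SERVER_ATTRIBUTES = [
    ("mail", URI),          # matched: the request carries no NameFormat
    ("givenName", BASIC),   # matched: Name and NameFormat are both equal
    ("uid", UNSPECIFIED),   # not matched: unspecified on the server is no wildcard
]

def requested_attributes(query_xml):
    """Return (Name, NameFormat) for each Attribute child of the query."""
    root = ET.fromstring(query_xml)
    return [(a.get("Name"), a.get("NameFormat", UNSPECIFIED))
            for a in root.findall(f"{{{SAML_NS}}}Attribute")]

def matches(requested, defined):
    """Asymmetric comparison: only the requested side can act as a wildcard."""
    req_name, req_format = requested
    def_name, def_format = defined
    if req_name != def_name:
        return False
    if req_format == UNSPECIFIED:
        return True
    return req_format == def_format

def select(query_xml, server_attributes):
    """Return the server definitions that some requested attribute matches."""
    requested = requested_attributes(query_xml)
    return [d for d in server_attributes
            if any(matches(r, d) for r in requested)]

if __name__ == "__main__":
    for name, name_format in select(SAMPLE_QUERY, SERVER_ATTRIBUTES):
        print(name, name_format)
```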

