Subject: Rationalization of Usage rules for <Issuer> in profiles?
There may well be reasons for the variations, but I've identified three categories of rules for the <Issuer> element in the various 'Usage' sections within the profiles doc. The different protocol messages are listed below along with their corresponding rule for <Issuer>.
----------------------------------------------------
<AuthnRequest>, <NameIDMappingResponse>, <ManageNameIDRequest>, <ManageNameIDResponse>,
<ArtifactResolve>, <Response> to Query/Request, <ArtifactResponse>
The <Issuer> element MUST be present and MUST contain the unique identifier of the artifact issuer/requesting entity/responding entity; the Format attribute MUST be omitted or have a value of urn:oasis:names:tc:SAML:2.0:nameid-format:entity.
----------------------------------------------------
<NameIDMappingRequest>, Query/Request
The <Issuer> element MUST be present.
----------------------------------------------------
<Response> to <AuthnRequest>
The <Issuer> element MAY be omitted, but if present it MUST contain the unique identifier of the issuing identity provider; the Format attribute MUST be omitted or have a value of urn:oasis:names:tc:SAML:2.0:nameid-format:entity
Paul
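
Added example (not part of the message above, and not OASIS or profile-document code): the three rule categories expressed as a checker for the <Issuer> child of a protocol message. The names check_issuer, answers_authn_request and msg are hypothetical, the reading of "Query/Request" as the four query/request message types is an assumption, and the sample messages are constructed.

```python
import xml.etree.ElementTree as ET  # for untrusted input, use a hardened XML parser

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
ENTITY = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"

# The three rule categories listed in the message above.
STRICT = {"AuthnRequest", "NameIDMappingResponse", "ManageNameIDRequest",
          "ManageNameIDResponse", "ArtifactResolve", "ArtifactResponse"}
# Assumption: "Query/Request" means the four query/request message types.
PRESENT_ONLY = {"NameIDMappingRequest", "AuthnQuery", "AttributeQuery",
                "AuthzDecisionQuery", "AssertionIDRequest"}

def check_issuer(xml_text, answers_authn_request=False):
    """Return a list of <Issuer> rule violations for one protocol message."""
    root = ET.fromstring(xml_text)
    name = root.tag.rsplit("}", 1)[-1]
    if name == "Response":
        # Same element, different rule depending on what it answers.
        rule = "optional" if answers_authn_request else "strict"
    elif name in STRICT:
        rule = "strict"
    elif name in PRESENT_ONLY:
        rule = "present"
    else:
        return [f"no <Issuer> rule listed for <{name}>"]
    issuer = root.find(f"{{{SAML}}}Issuer")
    if issuer is None:
        return [] if rule == "optional" else ["<Issuer> MUST be present"]
    if rule == "present":
        return []  # second category constrains neither content nor Format
    errors = []
    if not (issuer.text or "").strip():
        errors.append("<Issuer> MUST contain the entity's unique identifier")
    fmt = issuer.get("Format")
    if fmt is not None and fmt != ENTITY:
        errors.append(f"Format MUST be omitted or {ENTITY}")
    return errors

def msg(name, issuer=""):
    """Build a constructed sample message (not a complete SAML message)."""
    return (f'<samlp:{name} xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}">'
            f'{issuer}</samlp:{name}>')

if __name__ == "__main__":
    email_fmt = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    bad = f'<saml:Issuer Format="{email_fmt}">idp@example.org</saml:Issuer>'
    print(check_issuer(msg("ManageNameIDRequest", bad)))   # strict category
    print(check_issuer(msg("NameIDMappingRequest", bad)))  # present-only category
    print(check_issuer(msg("Response"), answers_authn_request=True))
    print(check_issuer(msg("Response")))
```

The same <Response> with no <Issuer> passes when it answers an <AuthnRequest> and fails when it answers a query, which is the variation the message points out.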