Details
Bug
Status: Resolved
Major
Resolution: Fixed
1.4
None
None
Win XP Professional, Axis2 1.4, Rampart 1.4
Description
In the SAML token scenario, the 'NameIdentifier' tag in the SAML assertion has an attribute 'Format' which has a wrong value. Currently it is:
<NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">CN=client</NameIdentifier>
Since 'NameIdentifier' contains the value of the SubjectName from the X509 certificate, the correct form should be:
<NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=client</NameIdentifier>
For more information, see the SAML 1.1 specification, paragraph 7.3. It can be found here: http://www.oasis-open.org/committees/download.php/3406/oasis-sstc-saml-core-1.1.pdf
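A relying party can catch the mismatch described in this report by comparing the declared Format with the shape of the value. The following is an added example, not code from the report or from Rampart; the function and helper names are hypothetical, the sample assertions are constructed, and the e-mail and distinguished-name patterns are simplified assumptions rather than full grammars.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # namespace used by SAML 1.0/1.1 assertions
FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:"
EMAIL = FMT + "emailAddress"
X509 = FMT + "X509SubjectName"

# Simplified shape checks (assumptions of this example, not complete grammars).
EMAIL_RE = re.compile(r"^[^@\s,=]+@[^@\s,=]+$")
RDN = r"[A-Za-z][A-Za-z0-9.-]*\s*=[^,]+"
DN_RE = re.compile(r"^\s*" + RDN + r"(\s*,\s*" + RDN + r")*$")


def check_name_identifiers(assertion_xml):
    """Return (value, declared_format, problem) for each inconsistent NameIdentifier."""
    findings = []
    # For assertions from untrusted peers, parse with a hardened XML parser
    # (for example defusedxml) instead of the standard library directly.
    root = ET.fromstring(assertion_xml)
    for ni in root.iter("{%s}NameIdentifier" % SAML_NS):
        value = (ni.text or "").strip()
        fmt = ni.get("Format", FMT + "unspecified")  # absent Format means unspecified
        if fmt == EMAIL and not EMAIL_RE.match(value):
            problem = "declared emailAddress but value is not an e-mail address"
            if DN_RE.match(value):
                problem += "; value looks like an X.509 subject name"
        elif fmt == X509 and not DN_RE.match(value):
            problem = "declared X509SubjectName but value is not a distinguished name"
        else:
            continue
        findings.append((value, fmt, problem))
    return findings


def sample(fmt, value):
    """Build a minimal constructed SAML 1.1 assertion fragment for the checks."""
    return ('<saml:Assertion xmlns:saml="%s"><saml:AuthenticationStatement>'
            '<saml:Subject><saml:NameIdentifier Format="%s">%s</saml:NameIdentifier>'
            '</saml:Subject></saml:AuthenticationStatement></saml:Assertion>'
            % (SAML_NS, fmt, value))


if __name__ == "__main__":
    # The value from this report, first as currently emitted, then as corrected.
    for fmt in (EMAIL, X509):
        print(fmt.rsplit(":", 1)[1], check_name_identifiers(sample(fmt, "CN=client")))
```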