Hi all,

I encounter a problem while connecting an application to my IDP (NAM
4.0.1).

I created a WS-Fed SP on the IDP and it works fine until the application
tries to validate the IDP response.

The IDP returns a NameIdentifier format of
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, but the
application expects the SAML 2.0 format.

Is it possible to change the format of the NameIdentifier on the IDP?

You will find the IDP response below:

Code:
--------------------

<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestedSecurityToken xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="idIdMY2ncAsO1sKK10McusL1aok" IssueInstant="2015-04-01T10:02:00Z" Issuer="https://idp.mydomaine/nidp/wsfed/" MajorVersion="1" MinorVersion="1">
<saml:Conditions NotBefore="2015-04-01T09:47:00Z" NotOnOrAfter="2015-04-01T10:17:00Z">
<saml:AudienceRestrictionCondition>
<saml:Audience>http://appurl:81/test/</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions><saml:AuthenticationStatement AuthenticationInstant="2015-04-01T10:02:00Z" AuthenticationMethod="http://idp/krb/uri">
<saml:Subject>
<saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">xxxxxx</saml:NameIdentifier>
<saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement>


<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><CanonicalizationMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#idIdMY2ZncAsOM1sKK10McusL1aok"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">wmPIiNYGT/62Hhmn6uwqrPAkx7U=</DigestValue></ds:Reference></ds:SignedInfo><SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">
azLuR1tM4Va4/s2RC5XhHGgJ3fPpe06wj8g5dyfYb3dTUdNDAsyGAvYEhwIF2iZ gQwc6Bhf
IoLh8tk8z041LlYeZgqWkd6YxagQBjpNGIIRsdFi5yemYjmmSt 96e3e+rZjea7RTg+TiY4t8c
5QLVLI2cQekRyAO3IgQy2RiCQi5GJ4sNU1ajVBkZciEc6TTHrj jrLRT4388om16SwdSwjbQ
i9nbWo8PhZCXFRW0thG+vFVjWS6Jf2NcfmKy9379v4adESoJMb t1VD/7qOpFy5d5X1K+qWX0l1m3
ZvJ6VfiBNXkK2X/CcGbHsihd3ymO/DPnA==
</SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
MIIFLDCCBBSgAwIBAgIkAhwFYsaBaz2yx3KzmABzXPGALZwQ/Jo5cTI27CM1AgIBFdKXMA0GCSqG
SIb3DQEBBQUAMDgxGjAYBgNVBAsTEU9yZ2FuaXphdGlvbmFsIE NBMRowGAYDVQQKFBFTRUZSSU5G
MDA0NDVfVFJFRTAeFAzMTYxNDQzMDFaFw0yNTAzMTYxNDQzMDF aMEAxFTATBgNVBAMTDHRl
c3Qtc2lnbmluZzEWMBQGA1UECxMNYWNjZXNzTWFuYWdlcjEPMA 0GA1UEChMGbm92ZWxsMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpFfjsS1Hm030W 4305fh5r3RB5gRfkkj2jyYtAfj
6Oi5sX9dFf7hg/2Wb++YmljFuq52b/zqdToqiynGHBEQB1esAoOevbAW74Ogr8JibelGDq9W
hW5SBwN2VlbNRdwjBR73ezIEIAIcgxzoWel4Sp4iBSTUH0kINq 4XP7KVF/zeCmoQFXzeJRuzgTCK
keq9fImgSTTwb4CGpcZcUqRg6yheyWV/TF3mlqN6dbyeWKaHaUds8fS/l76MCiNL71+yRhJ0AGiw
EmMRbrzHTrkYO8I8MfrhJ9/mb7SnnDOyuIdJ8u3Bw9j+0hHJMK4vd49hbHTEEQiSXfhegsegA QID
MAYCAQECAQoCAWmhGgEBADAIMAYCAQECAQAwCDAGAgEBAgEAAg EAogYCARcBAf+jggEEoFgCAQIC
AgD/AgEAAw0AgAAAAAAAAAAAAAAAAwkAgAAAAAAwGDAQAgEAAgh//////////wEBAAIEBvDf
SDAYMBACAQACCH//////////AQEAAgQG8N9IoVgCAQICAgD/AgEAAw0AQAAAAAAAAAAAAAAAAwkA
QAAAAAAAAAAwGDAQAgEAAgh//////////wEBAAIEBWLGgTAYMBACAQACCH//////////AQEAAgQF
YsaBok4wTAIBAgIBAAICAP8DDQCAAAAAAAAAAAAAAAADCQCAAA AAAAAAADASMBACAQACCH//////
////AQEAMBIwEAIBAAIIf/////////8BAQAwDQYJKoZIhvcNAQEFBQADggEBAEVH+b/+olhU8GX8
pAOzi36hb2M0rcknHdF87TQMSwB5cc+o95kSeGWBq7VWKuEGb5 nN7T3IYg0aAGI6v3Ohns7
glei9vKGLJLu3vbUuzPQmGf1GCHCgDv2SSztH0/EBmwIRVrqDppbY71vjA/GtnrroZ90GdcUi/Qm
copV2kkF6IeZiIllPycTaPThv1lpgo8CzYByOid1ziirvXo892 +Dmsh9ff9dFIzjupR/ZQd7N5l3
LUIeBEDewPYsl0X66X050D4doSQm4/IRfjOnHAvy9fJUttKQgIkMCHO8pc0JBiu6Q5tHRBh
HpjGNucKBfKvbOCPkSnvMaE=
</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></saml:Assertion></wst:RequestedSecurityToken></wst:RequestSecurityTokenResponse>
--------------------


--
thomas_sutter
------------------------------------------------------------------------
thomas_sutter's Profile: https://forums.netiq.com/member.php?userid=8205
View this thread: https://forums.netiq.com/showthread.php?t=53239
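
The mismatch described in the post above can be confirmed offline by inspecting a captured WS-Fed response. This is an added example, not part of the original post and not NetIQ code; the function names, the constructed sample token and the expected format passed to `nameid_mismatch` are assumptions.

```python
import xml.etree.ElementTree as ET

WST = "http://schemas.xmlsoap.org/ws/2005/02/trust"
SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"  # namespace of SAML 1.0/1.1 assertions
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample with the same shape as the response in the post, signature omitted.
SAMPLE_RSTR = """<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestedSecurityToken>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="id-constructed"
  IssueInstant="2015-04-01T10:02:00Z" Issuer="https://idp.example/nidp/wsfed/" MajorVersion="1" MinorVersion="1">
<saml:Conditions NotBefore="2015-04-01T09:47:00Z" NotOnOrAfter="2015-04-01T10:17:00Z">
<saml:AudienceRestrictionCondition><saml:Audience>http://appurl:81/test/</saml:Audience></saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:AuthenticationStatement AuthenticationInstant="2015-04-01T10:02:00Z" AuthenticationMethod="http://idp/krb/uri">
<saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">xxxxxx</saml:NameIdentifier></saml:Subject>
</saml:AuthenticationStatement></saml:Assertion>
</wst:RequestedSecurityToken></wst:RequestSecurityTokenResponse>"""


def inspect_rstr(xml_text):
    """Report token version, name identifier format and audiences of a WS-Fed RSTR.

    Inspection only: the signature is not verified, so use it on captured tokens.
    """
    root = ET.fromstring(xml_text)
    token = root.find(f".//{{{WST}}}RequestedSecurityToken")
    if token is None or len(token) == 0:
        raise ValueError("no RequestedSecurityToken with a child token")
    assertion = token[0]
    if assertion.tag == f"{{{SAML1}}}Assertion":
        version = f"{assertion.get('MajorVersion')}.{assertion.get('MinorVersion')}"
        name_id = assertion.find(f".//{{{SAML1}}}NameIdentifier")
    elif assertion.tag == f"{{{SAML2}}}Assertion":
        version = assertion.get("Version")
        name_id = assertion.find(f".//{{{SAML2}}}NameID")
    else:
        raise ValueError(f"unexpected token element {assertion.tag}")
    audiences = [a.text for a in assertion.iter() if a.tag.endswith("}Audience")]
    return {"saml_version": version, "audiences": audiences,
            "nameid_format": None if name_id is None else name_id.get("Format")}


def nameid_mismatch(info, expected_format):
    """Return a message if the token's format differs from expected_format, else None."""
    got = info["nameid_format"]
    if got == expected_format:
        return None
    return f"SAML {info['saml_version']} token has NameIdentifier Format {got!r}, expected {expected_format!r}"
```
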