Need to add extension to NAM IDP Metadata

Hi,

I need to update a customer's NAM IDP to provide an extension in the IDP metadata to follow requirements from the Swedish school authorities.

The extension that should be added is:

<Extensions>
  <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
    <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>https://fidus.skolverket.se/authentication/e-leg</saml:AttributeValue>
    </saml:Attribute>
  </mdattr:EntityAttributes>
</Extensions>

If I add it and try to verify, I get this error: "reference to a namespace prefix that is not declared : SAML"

The documentation states that it should come directly after the entityID statement, but in their example that statement looks like

<EntityDescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="http://idp.exempel.se/">

If I change the EntityDescriptor to match this, the first error disappears, but instead I get "reference to a namespace prefix that is not declared : md"

Does anybody have a suggestion on how to handle this?

/Lennart
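The namespace error above is what any namespace-aware XML parser reports when a prefix (here saml:, then md:) is used before it is bound with an xmlns declaration. The following Python script is an added example for this thread, not code from the original post or from NetIQ Access Manager: it reproduces the failure on the raw fragment, then inserts the EntityAttributes extension as the first child of the EntityDescriptor with all three prefixes declared on the root, and reads the value back. SAMPLE_METADATA is a constructed minimal IdP EntityDescriptor standing in for the exported NAM metadata; the attribute name and value are the ones quoted in the post.

```python
"""Add an mdattr:EntityAttributes extension to SAML 2.0 IdP metadata.

Added example for this thread; it is not code from the original post or from
NetIQ Access Manager. Standard library only. SAMPLE_METADATA is a constructed
minimal EntityDescriptor standing in for the exported NAM IdP metadata.
"""
import xml.etree.ElementTree as ET

NS_MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS_MDATTR = "urn:oasis:names:tc:SAML:metadata:attribute"
NS_SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Register the conventional prefixes so the serializer emits md:/mdattr:/saml:
# (and declares them on the root) instead of generated ns0:/ns1: prefixes.
for _prefix, _uri in (("md", NS_MD), ("mdattr", NS_MDATTR), ("saml", NS_SAML)):
    ET.register_namespace(_prefix, _uri)

SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://idp.example.se/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                            Location="https://idp.example.se/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

# The fragment as posted: it uses the saml: prefix but declares only mdattr:,
# so any namespace-aware parser rejects it until saml: is bound somewhere.
RAW_FRAGMENT = (
    '<Extensions>'
    '<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">'
    '<saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification" '
    'NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">'
    '<saml:AttributeValue>https://fidus.skolverket.se/authentication/e-leg</saml:AttributeValue>'
    '</saml:Attribute></mdattr:EntityAttributes></Extensions>'
)

ASSURANCE_ATTR = "urn:oasis:names:tc:SAML:attribute:assurance-certification"


def parse_error(xml_text):
    """Return the parser's message if xml_text is not well-formed, else None.

    An undeclared prefix such as saml: surfaces here as 'unbound prefix',
    the same condition NAM reports when the metadata is verified.
    """
    try:
        ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return str(exc)
    return None


def add_entity_attribute(metadata_xml, attr_name, value):
    """Return metadata with the attribute added under md:Extensions/mdattr:EntityAttributes.

    md:Extensions is placed as the first child of md:EntityDescriptor: the
    metadata schema orders it before every role descriptor, which is what
    "directly after the entityID" amounts to. Existing Extensions and
    EntityAttributes elements are reused rather than duplicated.
    """
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS_MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")

    ext = root.find(f"{{{NS_MD}}}Extensions")
    if ext is None:
        ext = ET.Element(f"{{{NS_MD}}}Extensions")
        root.insert(0, ext)
    ea = ext.find(f"{{{NS_MDATTR}}}EntityAttributes")
    if ea is None:
        ea = ET.SubElement(ext, f"{{{NS_MDATTR}}}EntityAttributes")

    attr = ET.SubElement(ea, f"{{{NS_SAML}}}Attribute", {
        "Name": attr_name,
        "NameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
    })
    ET.SubElement(attr, f"{{{NS_SAML}}}AttributeValue").text = value
    # The serializer declares every namespace in use on the root element, so
    # the saml: and mdattr: prefixes are bound where a validator will find them.
    return ET.tostring(root, encoding="unicode")


def entity_attribute_values(metadata_xml, attr_name):
    """Read back the values of one entity attribute (empty list if absent)."""
    root = ET.fromstring(metadata_xml)
    path = (f"{{{NS_MD}}}Extensions/{{{NS_MDATTR}}}EntityAttributes/"
            f"{{{NS_SAML}}}Attribute[@Name='{attr_name}']/{{{NS_SAML}}}AttributeValue")
    return [el.text for el in root.findall(path)]


if __name__ == "__main__":
    print("fragment on its own:", parse_error(RAW_FRAGMENT))
    patched = add_entity_attribute(
        SAMPLE_METADATA, ASSURANCE_ATTR,
        "https://fidus.skolverket.se/authentication/e-leg")
    print(patched)
```

Whether the declarations end up on the root or on the Extensions element does not matter to a validator; what matters is that every prefix is bound on an ancestor of the element that uses it. If the metadata is signed, note that touching the EntityDescriptor invalidates the existing ds:Signature, so it must be re-signed after the edit.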


    Hi,

    Local login works. The SP is requesting a specific AuthnContextClassRef and that the AuthnContext Comparison match is exact. The NAM IDP responds with one of the requested AuthnContextClassRefs in the response to the SP. No mention of matching in the response.

    We have a contract that points to a method that is basically a JSP page with links to external IDPs.

    The user chooses one of the external IDPs and authenticates there.

    The external IDP is responding with <saml2:AuthnContextClassRef>id.elegnamnden.se/...</saml2:AuthnContextClassRef> and the user is getting matched to a local user ID, but NAM still ends up displaying the login contract's login page again instead of returning the user to the SP from which the request was initiated.

    /Lennart
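The post above turns on how a RequestedAuthnContext with Comparison="exact" is matched against the AuthnContextClassRef the IdP returns. The script below is an added example for this thread, not code from the original post or from NetIQ Access Manager: it parses a constructed SP AuthnRequest and two constructed IdP Responses (no signatures or conditions), extracts the requested and asserted class references, and applies the SAML 2.0 core Comparison semantics. It goes beyond the post in also covering minimum, better and maximum, which need a strength ordering. The id.elegnamnden.se class URIs and the RANKING tuple are placeholders chosen for illustration.

```python
"""Check a SAML response's AuthnContextClassRef against RequestedAuthnContext.

Added example for this thread; it is not code from the original post or from
NetIQ Access Manager. The AuthnRequest and Response excerpts are constructed,
with no signatures or conditions, and the id.elegnamnden.se class URIs are
placeholders chosen for illustration.
"""
import xml.etree.ElementTree as ET

NS_SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

LOA2 = "http://id.elegnamnden.se/loa/1.0/loa2"
LOA3 = "http://id.elegnamnden.se/loa/1.0/loa3"
LOA4 = "http://id.elegnamnden.se/loa/1.0/loa4"
# Assumed strength ordering, weakest first, needed for minimum/better/maximum.
RANKING = (LOA2, LOA3, LOA4)

# Constructed SP request: two acceptable classes, Comparison="exact".
AUTHN_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{NS_SAMLP}" xmlns:saml="{NS_SAML}"
    ID="_req1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
  <saml:Issuer>https://sp.example.se/</saml:Issuer>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>{LOA3}</saml:AuthnContextClassRef>
    <saml:AuthnContextClassRef>{LOA4}</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
"""


def _response_with(classref):
    """Constructed IdP response carrying one AuthnContextClassRef."""
    return f"""<samlp:Response xmlns:samlp="{NS_SAMLP}" xmlns:saml="{NS_SAML}"
    ID="_resp1" InResponseTo="_req1" Version="2.0" IssueInstant="2020-01-01T00:00:05Z">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2020-01-01T00:00:05Z">
    <saml:Issuer>https://idp.example.se/</saml:Issuer>
    <saml:AuthnStatement AuthnInstant="2020-01-01T00:00:04Z">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>{classref}</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>
"""


RESPONSE_MATCH = _response_with(LOA3)      # one of the requested classes
RESPONSE_MISMATCH = _response_with(LOA2)   # weaker, not requested


def requested_context(authn_request_xml):
    """Return (comparison, [classrefs]); Comparison defaults to exact per SAML core."""
    root = ET.fromstring(authn_request_xml)
    rac = root.find(f"{{{NS_SAMLP}}}RequestedAuthnContext")
    if rac is None:
        return None, []
    refs = [e.text.strip() for e in rac.findall(f"{{{NS_SAML}}}AuthnContextClassRef")]
    return rac.get("Comparison", "exact"), refs


def asserted_context(response_xml):
    """Return the AuthnContextClassRef of the first AuthnStatement, or None."""
    root = ET.fromstring(response_xml)
    ref = root.find(f".//{{{NS_SAML}}}AuthnStatement/{{{NS_SAML}}}AuthnContext/"
                    f"{{{NS_SAML}}}AuthnContextClassRef")
    return ref.text.strip() if ref is not None and ref.text else None


def context_satisfies(comparison, requested, asserted, ranking=()):
    """Apply the SAML 2.0 core semantics of RequestedAuthnContext/@Comparison.

    'exact' needs no ordering. The other values compare strength using
    `ranking` (weakest first); a class missing from the ranking never
    satisfies the request, which is the safe failure for a relying party.
    """
    if asserted is None:
        return False
    if comparison == "exact":
        return asserted in requested
    if asserted not in ranking or not all(r in ranking for r in requested):
        return False
    got = ranking.index(asserted)
    want = [ranking.index(r) for r in requested]
    if comparison == "minimum":   # at least as strong as one requested class
        return got >= min(want)
    if comparison == "better":    # stronger than every requested class
        return got > max(want)
    if comparison == "maximum":   # simplified: no stronger than the strongest requested
        return got <= max(want)
    raise ValueError(f"unknown Comparison value {comparison!r}")


def check_response(authn_request_xml, response_xml, ranking=()):
    """Return (ok, comparison, requested, asserted) for a request/response pair."""
    comparison, requested = requested_context(authn_request_xml)
    asserted = asserted_context(response_xml)
    if comparison is None:
        return True, None, requested, asserted   # SP expressed no requirement
    return context_satisfies(comparison, requested, asserted, ranking), comparison, requested, asserted


if __name__ == "__main__":
    for label, resp in (("match", RESPONSE_MATCH), ("mismatch", RESPONSE_MISMATCH)):
        print(label, check_response(AUTHN_REQUEST, resp, RANKING))
```

With exact comparison, the class the external IdP returns has to be literally one of the URIs the SP listed; a string that differs only in scheme, trailing slash or case is a mismatch, which is the first thing worth comparing when a broker such as NAM re-prompts instead of completing the flow.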

