You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I just found that in Saml2Response, the issuer is extracted from the Issuer xml element child of Response: Issuer = new EntityId(xmlElement["Issuer", Saml2Namespaces.Saml2Name].GetTrimmedTextIfNotNull());
Looking at the specification (saml-core-2.0-os) from oasis, it appears that this element is optional (page 38, line 1566). On the other hand, the element Assertion has a required child Issuer (page 16, line 558).
The Response > Issuer element contains information about who generated the response message, while the Response > Assertion > Issuer contains information about who made the claims.
Usually, the two issuers contains the same information, but I have a case where the provider doesn't populate the response issuer in the Saml2Response.
Would it be possible to use the assertion issuer in the Saml2Response class ?
The text was updated successfully, but these errors were encountered:
You are correct, and this is a known issue (#477). I'll close this one so we keep discussion in one place. Linked in #477 is a PR that attempted to fix this, but wasn't quite ready for production use. If you have a better approach please submit a PR.
Hello,
I just found that in Saml2Response, the issuer is extracted from the Issuer xml element child of Response:
Issuer = new EntityId(xmlElement["Issuer", Saml2Namespaces.Saml2Name].GetTrimmedTextIfNotNull());
Looking at the specification (saml-core-2.0-os) from oasis, it appears that this element is optional (page 38, line 1566). On the other hand, the element Assertion has a required child Issuer (page 16, line 558).
The
Response
> Issuer element contains information about who generated the response message, while theResponse > Assertion > Issuer
contains information about who made the claims.Usually, the two issuers contains the same information, but I have a case where the provider doesn't populate the response issuer in the Saml2Response.
Would it be possible to use the assertion issuer in the Saml2Response class ?
The text was updated successfully, but these errors were encountered: