How to set NameQualifier


mchammer
In an IdP-initiated SSO scenario we need to set the NameQualifier option. This is the required result:
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="Foo">XXX</saml2:NameID>

Using NameIDFormat in the configuration file we can set the Format option, but how do we set the NameQualifier to Foo? 
This is our current code:
SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP, out authnContext, out userName, out attributes, out targetUrl);

Thank you.


ComponentSpace
Do you mean, as the identity provider, how do you set the NameQualifier?

Are you using our product to implement the identity provider as well as the service provider?

Regards
ComponentSpace Development
mchammer
ComponentSpace - 7/13/2021
Do you mean, as the identity provider, how do you set the NameQualifier?

Are you using our product to implement the identity provider as well as the service provider?

Do you mean, as the identity provider, how do you set the NameQualifier? - Yes
We are using your product to implement the identity provider. The 3rd party service provider is using Okta.
Our SAMLResponse needs to contain NameQualifier in the NameID.

Thank you.

ComponentSpace
Thanks for the clarification.

The SAMLIdentityProvider.InitiateSSO and SAMLIdentityProvider.SendSSO methods that create and send SAML responses don't expose a method for setting the NameQualifier. Nor can this be specified through the SAML configuration. In our experience, the NameQualifier isn't used often.

You can implement the ISAMLObserver interface by extending the AbstractSAMLObserver class. These are under the ComponentSpace.SAML2.Notifications namespace.

The OnSAMLAssertionCreated method provides you with access to the SAMLAssertion object which you may modify as required.

You register your ISAMLObserver implementation by calling SAMLObservable.Subscribe.

Having said this, would you mind contacting [email protected]? We might look at adding this support through the SAML configuration but I'd like to ensure we fully understand your requirements.


Regards
ComponentSpace Development
mchammer
Thank you very much for your help!
I was able to set samlAssertion.Subject.NameID.NameQualifier using the recommended AbstractSAMLObserver and OnSAMLAssertionCreated.
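
The observer approach from this thread, as an added example; it is not ComponentSpace's code and not the poster's. The class name, the partner name value, the ComponentSpace.SAML2.Assertions namespace and the parameter list of OnSAMLAssertionCreated are assumptions to check against the API reference for your version; it limits the change to one partner service provider.

```csharp
using System;
using ComponentSpace.SAML2.Assertions;     // assumed namespace of SAMLAssertion
using ComponentSpace.SAML2.Notifications;  // AbstractSAMLObserver, SAMLObservable (named in the thread)

// Hypothetical observer: adds a NameQualifier to assertions issued to one partner only.
public class NameQualifierObserver : AbstractSAMLObserver
{
    private readonly string targetPartner;  // service provider the qualifier applies to
    private readonly string nameQualifier;  // e.g. "Foo" from the question

    public NameQualifierObserver(string targetPartner, string nameQualifier)
    {
        this.targetPartner = targetPartner ?? throw new ArgumentNullException(nameof(targetPartner));
        this.nameQualifier = nameQualifier ?? throw new ArgumentNullException(nameof(nameQualifier));
    }

    // Assumed signature; confirm it against the ISAMLObserver definition you compile against.
    public override void OnSAMLAssertionCreated(string partnerName, SAMLAssertion samlAssertion)
    {
        // The observer sees every assertion the identity provider creates,
        // so leave assertions for all other partners untouched.
        if (!string.Equals(partnerName, targetPartner, StringComparison.Ordinal))
        {
            return;
        }

        // Nothing to qualify if the assertion carries no NameID.
        if (samlAssertion?.Subject?.NameID == null)
        {
            return;
        }

        samlAssertion.Subject.NameID.NameQualifier = nameQualifier;
    }
}

// Register once at application start (for example in Global.asax Application_Start).
// "https://sp.example.com" is a constructed partner name:
//
//     SAMLObservable.Subscribe(new NameQualifierObserver("https://sp.example.com", "Foo"));
```

Subscribing once at startup, rather than per request, avoids registering the same observer repeatedly.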
ComponentSpace
Thanks for the update.

Regards
ComponentSpace Development