Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Next revisionBoth sides next revision | ||
72:integration:saml [2019/06/12 08:42] – [Lessons Learned] sngr | 72:integration:saml [2019/08/28 11:59] – emr | ||
---|---|---|---|
Line 41: | Line 41: | ||
providerId="< | providerId="< | ||
signatureKeyAlias=" | signatureKeyAlias=" | ||
- | > | + | |
</ | </ | ||
Line 76: | Line 76: | ||
nameIdPolicyFormat=" | nameIdPolicyFormat=" | ||
userFullnameTemplate=" | userFullnameTemplate=" | ||
- | | + | > |
<!-- hardcoded magic value that specifies the NameID from the SAML reply --> | <!-- hardcoded magic value that specifies the NameID from the SAML reply --> | ||
< | < | ||
Line 159: | Line 159: | ||
===== Lessons Learned ===== | ===== Lessons Learned ===== | ||
- | The default binding type of the SAML-Request is created as a redirect. | + | The default binding type of the SAML Request is '' |
- | Some IDP (f.e. at Renault) doesn´t | + | Some IDPs do not work with that type and rather need a POST Request. This can only be found out on the IDP. |
- | This can be configured in the identity-provide | + | This can be configured in the '' |
< | < | ||
sendBinding=" | sendBinding=" | ||
</ | </ | ||
- | |||
- | There a re no easy options to fint it out, because the IDP only seems to deny the Request (without telling the concrete reason in the response). Only at IDP (→ mostly customer) the problem can be identified. | ||
- | |||