Extensions in AuthnRequests

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Extensions in AuthnRequests

tpanchal



1 post
 

Hi,

I have a standard shibboleth SP implementation. The IDP that I am testing with wants us to pass Extensions element dynamically on a per request basis as AuthnRequest. I have the configuration in shibboleth2.xml as below,
             <SessionInitiator type="SAML2" isDefault="false" id="Login2"  Location="/Login2" entityID="idp.entityid" NameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
 IssuerFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
  <samlp:AuthnRequest  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="foo" Version="2.0" IssueInstant="2012-01-01T00:00:00Z">     
                            <samlp:Extensions>
                                      <idpns:institutionId name="institutionId" value="00000"   xmlns:idpns="idpnamespace"/>
                           </samlp:Extensions>
        </samlp:AuthnRequest>
            </SessionInitiator>

But this config just sends hardcoded institutionid. Is it possible to pass the institutionid in the session initiator querystring (i.e. Login2?institutionId=00000)? I know that many elements like authnContextClassRef, NameIDFormat, SPNameQualifier can be replaced using querystring. But I really want to replace extensions using querystring. Is there any way that can be possible?
 
Thanks,
Tushar
Reply | Threaded
Open this post in threaded view
|

Re: Extensions in AuthnRequests

kotesh201
Hi Tushar,

Did you get any information on this. By any chance, do you know whether the IDP implementation is in Shibboleth or openSAML. Any clue would be great!!

-Kotesh
Reply | Threaded
Open this post in threaded view
|

RE: Extensions in AuthnRequests

tpanchal

I couldn’t find the way to pass extensions element dynamically yet. Idp is a custom implementation which accepts extension element.

 

From: kotesh201 [via Shibboleth] [mailto:ml-node+[hidden email]]
Sent: Wednesday, May 29, 2013 2:49 PM
To: Tushar Panchal
Subject: Re: Extensions in AuthnRequests

 

Hi Tushar,

Did you get any information on this. By any chance, do you know whether the IDP implementation is in Shibboleth or openSAML. Any clue would be great!!

-Kotesh


If you reply to this email, your message will be added to the discussion below:

http://shibboleth.1660669.n2.nabble.com/Extensions-in-AuthnRequests-tp7583884p7587101.html

To unsubscribe from Extensions in AuthnRequests, click here.
NAML