SAML/SAMLP vs SAML2/SAMLP2 in assertions

Jeff McCullough

unread,

Jan 27, 2012, 7:07:30 PM1/27/12

to us...@shibboleth.net

Quick question...

I've encountered a vendor, Catertrax, that will only accept SAML/SAMLP for version 1.1 and 2.0 assertions. The Shibboleth IdP sends SAML2/SAMLP2 for SAML 2.0 assertions. The vendor sent me a bunch of links proving their point, but I know you all worked on the spec. What gives? Is there a way in the Shib IdP to specify SAML vs SAML2 assertions for a relying-party?

Thanks,
Jeff

--
To unsubscribe from this list send an email to users-un...@shibboleth.net

Chad La Joie

unread,

Jan 27, 2012, 7:15:46 PM1/27/12

to Shib Users

No. Their app is broken. They clearly have no idea what an XML
namespace is. Those prefixes are meaningless except to the extent
that they must match the prefix given when the namespace is declared.
You could (and some products do) generate random prefixes and that's
perfectly legal.

--
Chad La Joie
www.itumi.biz
trusted identities, delivered

Jeff McCullough

unread,

Jan 27, 2012, 7:59:29 PM1/27/12

to Shib Users

Thanks. It would appear they took the naming convention a bit too literally. I'm sure I have a fun conversation ahead. -Jeff

Chad La Joie

unread,

Jan 27, 2012, 8:08:36 PM1/27/12

to Shib Users

Almost certainly. Were I you, I probably wouldn't even argue with
them. Point them to the XML namespace spec, which is referenced from
the SAML spec, and let them read and grok it first. If they do
understand you won't need to say anything, if they don't, nothing you
say is likely to matter.

Reply all

Reply to author

Forward