saml - Purpose of NameQualifier attribute within the NameID element
Problem description
According to the SAML 2.0 specification, the NameQualifier attribute in the NameID element is "the security or administrative domain that qualifies the name. This attribute provides a means to federate names from disparate user stores without collision."
My question is: can the "disparate user stores" be within the same IDP? If so, given that the Format of the NameID will be urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, does the IDP have the right to send anything in the name qualifier as long as it is unique to each of its datastores?
Does this mean that in order for the SP (provided it receives requests from different IDPs) to achieve uniqueness, it has to consider the remote entity ID, NameQualifier and NameID value?
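The composite key the question describes (remote entity ID, NameQualifier, NameID value), shown as an added example that is not part of the original post. The entity IDs, store names and local account ids are constructed, and the code assumes the assertion's signature and conditions were validated before this step.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

def subject_key(assertion_xml: str) -> tuple:
    """Return (issuer, name_qualifier, name_id_value) for an assertion.

    Assumption: signature, conditions and audience were already
    validated; this function only derives the account lookup key.
    """
    root = ET.fromstring(assertion_xml)
    issuer = root.find("saml:Issuer", NS)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("assertion has no Issuer")
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion has no NameID")
    # NameQualifier is optional; None keeps "absent" distinct from any value.
    qualifier = name_id.get("NameQualifier")
    return (issuer.text.strip(), qualifier, name_id.text.strip())

def make_assertion(issuer, value, qualifier=None):
    """Build a constructed, unsigned sample assertion for the demo."""
    q = f' NameQualifier="{qualifier}"' if qualifier else ""
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        f'<saml:Subject><saml:NameID Format="{UNSPECIFIED}"{q}>{value}'
        "</saml:NameID></saml:Subject></saml:Assertion>"
    )

# Constructed samples: the same NameID value "jsmith" from three sources.
SAMPLES = [
    make_assertion("https://idp-a.example/metadata", "jsmith", "store-hr"),
    make_assertion("https://idp-a.example/metadata", "jsmith", "store-partners"),
    make_assertion("https://idp-b.example/metadata", "jsmith", "store-hr"),
]

def map_accounts(assertions):
    """Map each composite key to a local account id (hypothetical SP store)."""
    accounts = {}
    for xml in assertions:
        accounts.setdefault(subject_key(xml), f"local-{len(accounts) + 1}")
    return accounts

if __name__ == "__main__":
    for key, account in map_accounts(SAMPLES).items():
        print(account, key)
```

Keyed on the NameID value alone, the three sample subjects would collapse into one local account; with the composite key they stay separate.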
Solution