NetIQ Access Manager NIDP server does not add the "Format" attribute to the IDP SAML2:NameID element within a WS-Trust SAML assertion

  • 7022008
  • 05-Oct-2017
  • 05-Oct-2017

Environment

  • Access Manager 4.3
  • Access Manager 4.3.1
  • Access Manager 4.3.2
  • Access Manager 4.4

Situation

  • WS-Trust Service provider has been configured

  • Authentication Response has been set to
    "Unspecified Ldap Attribute: extensionAttribute13[LDAP Attribute Profile]"

  • TokenType has been set to SAML2

  • The resulting SAML2 assertion looks like:
    ==============================================================
    <saml2:Subject>
      <saml2:NameID NameQualifier="">T4SSO_1</saml2:NameID>
      ...
    </saml2:Subject>

    It should look like:

    <saml2:Subject>
      <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="">T4SSO_1</saml2:NameID>
      ...
    </saml2:Subject>
    ==============================================================
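
One way for a relying party or administrator to check a captured assertion for the missing attribute is shown below. This is an added example, not NetIQ code: the function name, the sample documents and the surrounding `saml2:Assertion` wrapper are constructed for illustration, modelled on the two snippets above.

```python
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Format value this article says the NameID should carry.
EXPECTED_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed samples modelled on the article's two snippets.
ASSERTION_WITHOUT_FORMAT = f"""<saml2:Assertion xmlns:saml2="{SAML2_NS}">
  <saml2:Subject>
    <saml2:NameID NameQualifier="">T4SSO_1</saml2:NameID>
  </saml2:Subject>
</saml2:Assertion>"""

ASSERTION_WITH_FORMAT = f"""<saml2:Assertion xmlns:saml2="{SAML2_NS}">
  <saml2:Subject>
    <saml2:NameID Format="{EXPECTED_FORMAT}" NameQualifier="">T4SSO_1</saml2:NameID>
  </saml2:Subject>
</saml2:Assertion>"""


def check_nameid_format(xml_text, expected=EXPECTED_FORMAT):
    """Return (value, format_or_None, status) for every Subject NameID.

    status is "missing" when no Format attribute is present, "ok" when it
    equals `expected`, and "unexpected" for any other value.
    """
    root = ET.fromstring(xml_text)
    results = []
    # iter() walks the whole tree, so the assertion is also found when it is
    # nested inside a WS-Trust response envelope.
    for subject in root.iter(f"{{{SAML2_NS}}}Subject"):
        for name_id in subject.findall(f"{{{SAML2_NS}}}NameID"):
            fmt = name_id.get("Format")
            if fmt is None:
                status = "missing"
            elif fmt == expected:
                status = "ok"
            else:
                status = "unexpected"
            results.append(((name_id.text or "").strip(), fmt, status))
    return results


if __name__ == "__main__":
    for label, doc in (("without Format", ASSERTION_WITHOUT_FORMAT),
                       ("with Format", ASSERTION_WITH_FORMAT)):
        print(label, check_nameid_format(doc))
```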

Resolution

  • This issue has been reported to engineering.