Different SAML response between Policy Server 12.8SP5 and 12.8SP8

search cancel

Different SAML response between Policy Server 12.8SP5 and 12.8SP8

book

Article ID: 280669

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Federation (SiteMinder)

Issue/Introduction

Running Policy Server, the following difference is noticed in the tags the Policy Server uses for the assertion attributes.

From version 12.8SP5, there are xml namespace tags:

<ns2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
<name>@example.com
</ns2:AttributeValue>

From version 12.8SP8:

<ns2:AttributeValue>
<name>@example.com
</ns2:AttributeValue>

Resolution

The Policy Server 12.8SP8 uses a different version of Jabx, the namespace of the assertion has changed slightly.

Note that from the SAML Standard, the namespace and type are optional. (1):

If the data content of an <AttributeValue> element is of an XML
Schema simple type (such as xs:integer or xs:string), the datatype
MAY be declared explicitly by means of an xsi:type declaration in
the <AttributeValue> element.

Additional Information

2.7.3.1.1 Element <AttributeValue>
https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

Feedback

thumb_up Yes

thumb_down No