Bug 1330599 - [GSS](6.4.z) SAML2LogoutHandler should create logout request with nameid format
Summary: [GSS](6.4.z) SAML2LogoutHandler should create logout request with nameid format
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: PicketLink
Version: 6.4.7
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: CR1
: EAP 6.4.9
Assignee: Dmitrii Tikhomirov
QA Contact: Josef Cacek
URL:
Whiteboard:
Depends On:
Blocks: eap649-payload 1330602 1333180
Reported: 2016-04-26 14:38 UTC by dhorton
Modified: 2019-12-16 05:42 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1330602 (view as bug list)
Environment:
Last Closed: 2017-01-17 12:53:44 UTC
Type: Bug
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker JBEAP-15042 0 Major Resolved [GSS](7.1.z) SAML2LogoutHandler should create logout request with nameid format 2018-09-17 06:43:43 UTC
Red Hat Issue Tracker PLINK-378 0 Major Closed SAML2LogoutHandler should create logout request with nameid format 2018-09-17 06:43:43 UTC
Red Hat Knowledge Base (Solution) 2280491 0 None None None 2016-06-28 20:28:16 UTC

Description dhorton 2016-04-26 14:38:31 UTC
Description of problem:
The logout request created by the SAML2LogoutHandler needs to have the format set on the NameID. Even though the spec says it is an optional attribute, 3rd party projects such as Shibboleth mandate it.

Comment 1 dhorton 2016-04-26 15:14:43 UTC
Fixed in branch 2.5.4.SP7-redhat-1_BZ-1330602.  This needs to be cherry-picked into the next product release branch.

Comment 2 dhorton 2016-04-26 15:18:08 UTC
The NameID format can be adjusted by using the "NAMEID_FORMAT" configuration option on the SAML2LogOutHandler in the picketlink.xml file:

<Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler">
  <Option Key="NAMEID_FORMAT" Value="urn:oasis:names:tc:SAML:2.0:nameid-format:email"/>
</Handler>
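
Added example, not part of the bug report or of PicketLink: a small check that inspects a captured SAML LogoutRequest and reports whether its NameID carries a Format attribute, and whether that value is one of the identifiers defined in SAML 2.0 Core section 8.3. The function names, status strings and sample request are constructed for illustration; Format may legally be any URI, so a value outside the list only works if the receiving party accepts it.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Name identifier format URIs defined in SAML 2.0 Core, section 8.3.
SPEC_FORMATS = {
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
}

# Constructed sample request; {attr} is where a Format attribute may go.
TEMPLATE = (
    '<samlp:LogoutRequest xmlns:samlp="{p}" xmlns:saml="{a}" '
    'ID="_constructed1" Version="2.0" IssueInstant="2016-04-26T14:38:31Z">'
    "<saml:Issuer>https://sp.example.test/</saml:Issuer>"
    "<saml:NameID{attr}>user@example.test</saml:NameID>"
    "</samlp:LogoutRequest>"
)

def sample_request(attr=""):
    """Build the constructed LogoutRequest, optionally with NameID attributes."""
    return TEMPLATE.format(p=SAMLP, a=SAML, attr=attr)

def check_logout_nameid(xml_text):
    """Return (status, format) for the NameID of a samlp:LogoutRequest."""
    # Run this on captures from your own SP; use a hardened XML parser
    # if the input could come from an untrusted party.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}LogoutRequest":
        raise ValueError("not a samlp:LogoutRequest")
    name_id = root.find(f"{{{SAML}}}NameID")
    if name_id is None:
        return ("no-nameid", None)        # BaseID/EncryptedID or malformed
    fmt = name_id.get("Format")
    if not fmt:
        return ("missing-format", None)   # the behaviour this bug reports
    if fmt not in SPEC_FORMATS:
        return ("non-spec-format", fmt)   # legal URI, but peers must agree
    return ("ok", fmt)

if __name__ == "__main__":
    for attr in ("", ' Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"'):
        print(check_logout_nameid(sample_request(attr)))
```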

Comment 7 Jiří Bílek 2016-06-24 10:56:04 UTC
Verified with EAP 6.4.9.CP.CR2

Comment 8 Petr Penicka 2017-01-17 12:53:44 UTC
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.

