NameID in Assertion Had the Wrong Format (76311, 83119)

Symptom:

When the NameID in an assertion was set to X509SubjectName and the NameID was configured as an LDAP DN, the Policy Server at the Identity Provider was escaping all the commas in the NameID. This format is wrong because only commas (and other special characters) within attribute values should be escaped. The commas that separate the different parts of the DN should not be escaped.

STAR Issue: 17509310;01

Solution:

When the NameID is set to X509SubjectName and the content of the NameID is an LDAP DN, do not escape the commas separating the relative DNs. For example, the following DN is valid:

Uid = user1, dc=systemtest, dc=com
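
The difference between the two escaping behaviors, as an added example that is not part of the product or its documentation: values are escaped following RFC 4514 before the relative DNs are joined, and a consumer that splits on unescaped commas recovers every relative DN only in that form. The function names and the sample value `Doe, Jane` are constructed for illustration.

```python
# Added illustration: function names and sample data are constructed,
# not taken from the Policy Server.
SPECIAL = ',+"\\<>;'  # characters RFC 4514 requires escaping inside a value


def escape_value(value):
    """Escape one attribute value (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_dn(rdns):
    """Correct form: escape inside values only, join RDNs with bare commas."""
    return ",".join(f"{attr}={escape_value(val)}" for attr, val in rdns)


def over_escape_all_commas(rdns):
    """Model of the symptom: every comma in the finished DN gets escaped."""
    return ",".join(f"{attr}={val}" for attr, val in rdns).replace(",", "\\,")


def split_rdns(dn):
    """Split a DN on unescaped commas, as a consumer of the NameID would."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(dn[i])
            i += 1
    parts.append("".join(cur))
    return parts


SAMPLE = [("uid", "Doe, Jane"), ("dc", "systemtest"), ("dc", "com")]  # constructed

if __name__ == "__main__":
    for dn in (build_dn(SAMPLE), over_escape_all_commas(SAMPLE)):
        print(dn, "->", len(split_rdns(dn)), "RDN(s)")
```

With the over-escaped form the whole string parses as a single relative DN, so a consumer that looks up the user by DN will not find a match.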