Do not use deprecated NAMEID_EMAIL_ADDRESS as default for SAML2 logout #5907
jdede wants to merge 2 commits into BookStackApp:development from
Thanks for the PR @jdede.
Do you have any relatively official guidance as to how that's been deprecated? From searching I can't find any notice/spec defining that it's been deprecated at all. I'm not keen on changing the defaults as per this PR, as I'm concerned this will cause breaking changes for existing users. Generally I don't think it'd be worth supporting variation here unless there's a wider proven need, and at the moment it seems like this is a need based on the defaults of one auth provider, which can support NAMEID_EMAIL_ADDRESS with a little configuration as far as I can tell?
For SAML 2.0 logout, the "NAMEID_EMAIL_ADDRESS" (urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress) is used as the default value. As the value is set, it can not be overwritten in the onelogin framework for example by setting something like

Further, the urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress is outdated by IDMs like shibboleth.

By removing this line, the default settings of the underlying framework are being used and users can adapt the value according to their needs by using the overrides.