- I would recommend renaming the namespace "urn:eu:stork:names:tc:STORK:1.0:stork" to "urn:eu:stork:names:tc:STORK:1.0:protocol" for "storkp". This is much more similar to the naming convention in SAML.
- The "Extensions" element of SAML protocol messages belongs to a wrong namespace (SAML metadata instead of SAML protocol). It should also carry the "saml2p" prefix and not the stork prefix.
- The elements "RequestedAttribute" belong to the "storkp" namespace whereas they are specified in the "stork" namespace.
- Within the element "RequestedAttribute" the XML attribute "isRequired" is misspelled ("isRequiered" instead of "isRequired").
- The element "AttributeValue" in "RequestedAttribute" should also be in the "stork" namespace. (In the current STORK interface specification it is in the SAML namespace, but this is against the SAML 2.0 spec; I have already sent an RFC for that.)
- The attribute "Format" in the <saml2:NameID> element should be "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" instead of "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".
- The attribute "NotBefore" in the element <saml2:SubjectConfirmationData> is not allowed in the SAML SSO profile.
- Within the <saml2:Attribute> element the STORK-specific attribute "stork:AttributeStatus" is missing.
| Field | Value |
| --- | --- |
| Hardware | All |
| Product | None |
| Operating System | All |
| Component | SAML engine |
| Version | None |
| Severity | normal |
| Resolution | None |
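The defects listed in the report are all checkable by inspecting namespaces and attributes of the emitted XML, so the following lint script is added here as a regression check; it is an example written for this page, not code from the SAML engine or the STORK project. It assumes the "stork" assertion namespace URI "urn:eu:stork:names:tc:STORK:1.0:assertion" and that "stork:AttributeStatus" is an XML attribute on <saml2:Attribute>; the two sample messages are constructed to exhibit the reported problems.

```python
"""Lint a STORK/SAML 2.0 message for the namespace and attribute defects
reported above. Added example; not the SAML engine's own code."""
import io
import xml.etree.ElementTree as ET

# Standard SAML 2.0 namespaces.
SAML2P = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLMD = "urn:oasis:names:tc:SAML:2.0:metadata"
# STORK namespaces: the assertion URI is an assumption for this example;
# the two protocol URIs are the ones quoted in the report.
STORK = "urn:eu:stork:names:tc:STORK:1.0:assertion"          # assumed
STORKP_CURRENT = "urn:eu:stork:names:tc:STORK:1.0:stork"      # what the engine emits
STORKP_RECOMMENDED = "urn:eu:stork:names:tc:STORK:1.0:protocol"
NAMEID_UNSPECIFIED_11 = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
NAMEID_UNSPECIFIED_20 = "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"


def _split(tag):
    """Split an ElementTree '{uri}local' tag into (uri, local)."""
    if tag.startswith("{"):
        uri, local = tag[1:].split("}", 1)
        return uri, local
    return "", tag


def lint(xml_text):
    """Return a list of findings (strings) for one SAML/STORK message; [] means clean."""
    findings = []
    # fromstring() drops xmlns declarations, so collect prefix bindings via start-ns events.
    for _event, (prefix, uri) in ET.iterparse(io.StringIO(xml_text), events=("start-ns",)):
        if prefix == "storkp" and uri == STORKP_CURRENT:
            findings.append(f"storkp bound to {uri}; recommended {STORKP_RECOMMENDED}")
    root = ET.fromstring(xml_text)
    for el in root.iter():
        uri, local = _split(el.tag)
        if local == "Extensions" and uri != SAML2P:
            findings.append(f"Extensions in namespace {uri}, expected {SAML2P}")
        elif local == "RequestedAttribute":
            if uri != STORK:
                findings.append(f"RequestedAttribute in namespace {uri}, expected {STORK}")
            if "isRequiered" in el.attrib:
                findings.append("RequestedAttribute uses misspelled attribute isRequiered")
            for child in el:
                curi, clocal = _split(child.tag)
                if clocal == "AttributeValue" and curi != STORK:
                    findings.append(f"AttributeValue in namespace {curi}, expected {STORK}")
        elif local == "NameID" and el.get("Format") == NAMEID_UNSPECIFIED_11:
            findings.append(f"NameID Format is SAML 1.1; expected {NAMEID_UNSPECIFIED_20}")
        elif local == "SubjectConfirmationData" and "NotBefore" in el.attrib:
            findings.append("SubjectConfirmationData carries NotBefore (not allowed in SSO profile)")
        elif (uri, local) == (SAML2, "Attribute") and el.get(f"{{{STORK}}}AttributeStatus") is None:
            findings.append(f"Attribute {el.get('Name')!r} lacks stork:AttributeStatus")
    return findings


# Constructed AuthnRequest reproducing the request-side defects from the report.
REQUEST_WITH_DEFECTS = f"""<saml2p:AuthnRequest xmlns:saml2p="{SAML2P}" xmlns:saml2="{SAML2}"
    xmlns:md="{SAMLMD}" xmlns:stork="{STORK}" xmlns:storkp="{STORKP_CURRENT}"
    ID="_req1" Version="2.0" IssueInstant="2010-01-01T00:00:00Z">
  <saml2:Issuer>https://sp.example.test</saml2:Issuer>
  <md:Extensions>
    <storkp:RequestedAttributes>
      <storkp:RequestedAttribute Name="eIdentifier" isRequiered="true">
        <saml2:AttributeValue>x</saml2:AttributeValue>
      </storkp:RequestedAttribute>
    </storkp:RequestedAttributes>
  </md:Extensions>
</saml2p:AuthnRequest>"""

# Constructed Assertion reproducing the response-side defects from the report.
ASSERTION_WITH_DEFECTS = f"""<saml2:Assertion xmlns:saml2="{SAML2}" xmlns:stork="{STORK}"
    ID="_a1" Version="2.0" IssueInstant="2010-01-01T00:00:00Z">
  <saml2:Issuer>https://idp.example.test</saml2:Issuer>
  <saml2:Subject>
    <saml2:NameID Format="{NAMEID_UNSPECIFIED_11}">user</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml2:SubjectConfirmationData NotBefore="2010-01-01T00:00:00Z"
          NotOnOrAfter="2010-01-01T00:05:00Z"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="eIdentifier">
      <saml2:AttributeValue>ES/AT/123</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""

if __name__ == "__main__":
    for label, doc in (("request", REQUEST_WITH_DEFECTS), ("assertion", ASSERTION_WITH_DEFECTS)):
        for finding in lint(doc):
            print(f"{label}: {finding}")
```

Running the script lists five findings for the request and three for the assertion; a message that follows the report's recommendations produces an empty list, which is what a unit test in the engine's build should assert on.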