
Please contribute your comments via the discussion tab above. Outcomes and resolution will be added at the bottom of this page.

=Auth framework: impact of incorrect Issuer?=

Issue: In the header of request messages, the Issuer element is not being set; instead it is using default values (e.g. CN=SAML User). As described in Section 3.3 of the Authorization Framework, the Issuer element is required to identify the individual responsible for issuing the Assertions carried in the message. This is normally the system security officer for the sending NHIO.

[[http://www.wikispaces.com/user/view/JoeLamy|JoeLamy]]

After discussing with candidates, some said there was no such person they could identify, and suggested using a role or an email address not assigned to a specific person, or the "unspecified" format, which they took to mean (incorrectly, I believe) that the identity was unspecified, rather than the format.

What's the impact? Is this just informational? Required for auditing? Are any of the suggested workarounds acceptable?

Example: CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US

Tentative severity level: 2-High
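
A check that a test harness could run over captured request assertions to flag the condition reported above. It is an added example, not part of the original issue report or of the Authorization Framework. The function name, the finding codes and the sample assertions (apart from the default DN quoted on this page) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
X509 = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
# Default RDNs from the example DN on this page; extend per product under test.
PLACEHOLDER_RDNS = {"cn=saml user", "o=saml user"}

def check_issuer(assertion_xml):
    """Return finding codes for the Issuer of one SAML 2.0 assertion."""
    root = ET.fromstring(assertion_xml)
    issuer = root.find(SAML + "Issuer")
    value = (issuer.text or "").strip() if issuer is not None else ""
    if not value:
        return ["ISSUER_MISSING"]
    findings = []
    # Naive RDN split: assumes no escaped commas inside attribute values.
    rdns = {part.strip().lower() for part in value.split(",")}
    if rdns & PLACEHOLDER_RDNS:
        findings.append("PLACEHOLDER_ISSUER")  # toolkit default, names nobody
    if issuer.get("Format") == UNSPECIFIED:
        # 'unspecified' describes the syntax of the value only; the value
        # itself is still expected to identify who issued the assertion.
        findings.append("FORMAT_UNSPECIFIED_REVIEW_VALUE")
    return findings

def make_assertion(issuer, fmt):
    """Build a minimal, constructed assertion (no signature, no statements)."""
    return (f'<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
            f'ID="_a1" Version="2.0" IssueInstant="2010-01-01T00:00:00Z">'
            f'<saml:Issuer Format="{fmt}">{issuer}</saml:Issuer></saml:Assertion>')

# Constructed inputs; only the DN in "default" comes from the page.
NAMED_DN = "CN=Jane Doe,OU=Security,O=Example NHIO,C=US"
SAMPLES = {
    "default": make_assertion(
        "CN=SAML User,OU=SU,O=SAML User,L=Los Angeles,ST=CA,C=US", X509),
    "named": make_assertion(NAMED_DN, X509),
    "unspecified": make_assertion(NAMED_DN, UNSPECIFIED),
    "empty": make_assertion("", X509),
}

if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        print(name, check_issuer(xml))
```
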