Hi Waruna,

One thing you can try out is setting the "Subject Claim URI" in the Claim
Configuration of the Service Provider. For example, if you set the Subject Claim
URI to "http://wso2.org/claims.givenname", then in the SAML response you
will not receive the tenant for the username.

<saml2:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">*admin*
</saml2:NameID>

However, if the Service Provider is SAAS enabled, you won't receive the
tenant domain of the logged-in user.

Regards,
TharinduE

On Tue, Mar 29, 2016 at 4:42 PM, Waruna Jayaweera <[email protected]> wrote:

> Hi,
> I have configured SAML SSO for API Manager store (1.10.0) with IS 5.1.0.
> It seems the SAML response NameID contains the full username for super tenant
> users as [1]. Is there any way to configure Identity Server to send the
> SAML response NameID without the carbon.super domain [2]?
>
> [1]<saml2:NameID
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">[email protected]
> </saml2:NameID>
> [2] <saml2:NameID
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">admin</saml2:NameID>
>
> Thanks,
> Waruna
>
> --
> Regards,
>
> Waruna Lakshitha Jayaweera
> Software Engineer
> WSO2 Inc; http://wso2.com
> phone: +94713255198
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586