SAFIRE federation hub compatibility quirks
To ensure broad compatibility with commonly used SAML identity providers, SAFIRE’s federation hub can adjust its behaviour to handle specific quirks in some implementations. This is mainly intended for proprietary SAML software stacks that do not fully support our deployment profiles. It is not a substitute for correcting misconfigurations.
Quirks are signalled in identity provider metadata by setting the x-safire.ac.za:quirks
EntityAttribute as follows:
<mdattr:EntityAttributes>
<saml:Attribute FriendlyName="quirks" Name="urn:x-safire.ac.za:quirks" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>quirk1</saml:AttributeValue>
<saml:AttributeValue>quirk2</saml:AttributeValue>
</saml:Attribute>
</mdattr:EntityAttributes>
Note that is is only supported for identity providers that are directly registered in SAFIRE.