"non-NameID-valued attribute" for hashed NameID

Peter Schober peter.schober at univie.ac.at
Fri Nov 18 15:06:35 GMT 2011

* Cantor, Scott <cantor.2 at osu.edu> [2011-11-18 15:54]:
> On 11/18/11 6:19 AM, "Peter Schober" <peter.schober at univie.ac.at> wrote:
> >On a newly installed SP on RHEL6 (64-bit, from the OBS repo ) I'm
> >trying to activate hashing of NameIDs in the attribute map, like I did
> >on other SPs.
> The hashing process is running at more or less the wrong layer to use it
> for this purpose, it runs very early during decoding, so they're hashed by
> the time you filter. The values get decoded into a string instead of a
> NameID.

That's what I thought explained the message but I was failing to see
why the other SP running the same release could then work just fine
doing exactly that for quite a while.
Well, it seems on the SP where it worked as intended I never updated
the attribute-policy.xml with the new "persistent-id" rule from
And the newly installed SP already already came with it.
Not quite so mysterious after all.

More information about the users mailing list