NameID Decoding

It Meme it.meme01 at gmail.com
Thu Sep 8 00:09:07 BST 2011


Hi:

The following lists the IdP & SP end-points for releasing the
university's ID, as a NameId.

The uniNameID is not appearing in the SP's transaction log; the IdP's
log shows the attribute as being released to the SP in question.

That leads me to deduce that either we are not handling the encoding
of the attribute, uniNameID, as a NameId, correctly or the SP is not
correctly configured to decode the attribute.

Any feedback on paths to investigate (or have we got our understanding
of NameID out-of-kilter?)


A) IdP's attribute-resolver.xml

          <resolver:AttributeDefinition id="uniNameID"
                              xsi:type="SAML2NameID"
                              xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"
                              sourceAttributeID="uniID">

                   <resolver:Dependency ref="dblookup" />

                   <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID" />

          </resolver:AttributeDefinition>


B) SP's attribute-map.xml

    <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" id="uniNameID">
        <AttributeDecoder xsi:type="NameIDAttributeDecoder" />
    </Attribute>

