NameID Decoding
Cantor, Scott
cantor.2 at osu.edu
Thu Sep 8 00:20:28 BST 2011
On 9/7/11 7:09 PM, "It Meme" <it.meme01 at gmail.com> wrote:
>The following lists the IdP & SP end-points for releasing the
>university's ID, as a NameId
Why do you feel the need to use a NameID?
>That leads me to deduce that wither we are not handling the encoding
>of the attribute, uniNameID, as a NameId, correctly or the SP is not
>correctly configured to decode the attribute.
You're definitely not doing the NameID thing. If you read the big red
warning at the top of the exact topic that documents the attribute
definition you're using, I think it's pretty clearly not what you think
you're doing.
"This does not define a <NameID> for use in the <Subject> of the
assertion."
>Any feedback on paths to investigate (or have we got our understanding
>of NameID out-of-kilter?)
My advice is stop trying to use NameIDs and just pass the value as a
normal string or scoped attribute as desired.
Alternatively if you really want to use a NameID, you're using the wrong
approach and need to review this topic:
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPNameIdentifier
-- Scott
More information about the users
mailing list