Persistent Assertion/Subject/NameID from LDAP Attribute
Henry B. Hotz
hotz at jpl.nasa.gov
Thu Aug 9 03:34:15 EDT 2012
On the bottom, I've got an attribute (LDAP "mail") which is getting put in the IDP response just fine. I'm having trouble connecting the dots up to get it used as a persistent NameID for the Assertion. (Preferably only for one SP.)
While the IdPPersistentNameIdentifier page doesn't say so, I assume I should put the "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" as a supported <NameIDFormat> in both the SP and IDP metadata.
What is it that tells the IDP to use a specific attribute as the NameID for the assertion? Is it putting an extra <resolver:AttributeEncoder> into the <resolver:AttributeDefinition>?
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu