Persistent Assertion/Subject/NameID from LDAP Attribute
Henry B. Hotz
hotz at jpl.nasa.gov
Thu Aug 9 16:56:29 EDT 2012
That's a good page, thanks. (Not the one Google sends you to if you think the opposite of "transient" is a good search term.)
On another Google tangent, they recommend "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" for use with their Apps. Of course that's for a user name, not necessarily an email.
Since I see that the SAML 1.1 email format is listed in the SAML 2.0 core document, should I conclude that it is to be used with SAML 2.0? I.e. they just didn't think they needed to re-invent the wheel?
On Aug 9, 2012, at 8:17 AM, Chad La Joie wrote:
> Right, as documented here:
> https://wiki.shibboleth.net/confluence/display/SHIB2/IdPNameIdentifier
>
> On Thu, Aug 9, 2012 at 11:01 AM, Cantor, Scott <cantor.2 at osu.edu> wrote:
>> In part. There's also a precedence setting in the relying party file that
>> tells it what formats to "prefer" for a given SP or set of SPs, and that
>> plus the filter policy results in a set of candidate NameID possibilities
>> that gets randomly picked from.
>
> --
> Chad La Joie
> www.itumi.biz
> trusted identities, delivered
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu