Shibboleth 2.3 with SSO web client - minimum steps
Christopher Bongaarts
cab at umn.edu
Fri Feb 1 14:35:45 EST 2013
On 1/31/2013 2:39 PM, lalithj wrote:
> Looking at our logs (before the encryption) we can see the subject goes as
> follows
>
> <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
> NameQualifier="https://ourIdp.x.com/idp/shibboleth"
> SPNameQualifier="https://clientSP.com/">_99999fe8638579999999680248</saml2:NameID>
>
> they want email address/login Id instead,

Define a new attribute in attribute-resolver.xml that uses the email
address from your data source (LDAP, database, etc.) as the source
attribute, with a SAML2 NameID string encoder. Then update your
attribute-filter.xml file so that you release the new attribute, and
stop releasing transientID.

The links Peter gave have more detailed instructions.

And as Scott said, you'll probably want to make sure the SP's metadata
indicates support for the correct nameID format they want.

--
%% Christopher A. Bongaarts %% cab at umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
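
The metadata check mentioned at the end of the reply above can be scripted; the following is an added example, not part of the original post or of Shibboleth. It compares a NameID taken from the IdP log with the NameIDFormat values the SP declares; the SP metadata shown is constructed for illustration and assumes a single EntityDescriptor.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed SP metadata (trimmed to the parts this check reads).
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="https://clientSP.com/">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>{EMAIL}</md:NameIDFormat>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# The NameID from the log excerpt in the thread, with its namespace declared.
LOGGED_NAMEID = f"""<saml2:NameID xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
  Format="{TRANSIENT}" NameQualifier="https://ourIdp.x.com/idp/shibboleth"
  SPNameQualifier="https://clientSP.com/">_99999fe8638579999999680248</saml2:NameID>"""


def sp_nameid_formats(metadata_xml):
    """Return (entityID, [NameIDFormat values]) from the SP's SPSSODescriptor."""
    root = ET.fromstring(metadata_xml)
    found = root.findall("md:SPSSODescriptor/md:NameIDFormat", NS)
    return root.get("entityID"), [e.text.strip() for e in found if e.text]


def check_nameid(metadata_xml, nameid_xml):
    """List mismatches between a logged NameID and the SP's metadata."""
    entity_id, formats = sp_nameid_formats(metadata_xml)
    nameid = ET.fromstring(nameid_xml)
    issued = nameid.get("Format", UNSPECIFIED)  # no Format attribute: treat as unspecified
    problems = []
    if not formats:
        problems.append("SP metadata declares no NameIDFormat")
    elif issued not in formats:
        problems.append(f"IdP issued {issued}, SP declares {formats}")
    sp_qualifier = nameid.get("SPNameQualifier")
    if sp_qualifier is not None and sp_qualifier != entity_id:
        problems.append(f"SPNameQualifier {sp_qualifier} != entityID {entity_id}")
    if issued == EMAIL and "@" not in (nameid.text or ""):
        problems.append("emailAddress format but value has no '@'")
    return problems


if __name__ == "__main__":
    for line in check_nameid(SP_METADATA, LOGGED_NAMEID) or ["NameID matches SP metadata"]:
        print(line)
```
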