NameId question
Cantor, Scott
cantor.2 at osu.edu
Tue Feb 26 13:50:42 EST 2013
On 2/26/13 1:32 PM, "Brewer, Edward L" <lee.brewer at Vanderbilt.Edu> wrote:
>So the assertion is created with the TransientId instead.
Well, for starters, you have to get it to want to pick the bogus format
instead. That's covered in the wiki under NameID format selection, and
involves multiple inputs, but you can specify it now in the RelyingParty
config for that SP. Another way is to manipulate the SP's metadata.
> Now if I change the nameid-format to transient for concurid then the
>IdP chooses concurid but it uses only username and no @vu.
I think that will be true either way because the encoder you used is for
"string" values, and the Scoped attribute has a more complex structure. So
it's chopping the scope. If there's a scoped variant, you'd have to use
that, but I don't think there is. You probably will need to construct a
variant of the attribute definition for use as a NameID that is not
scoped, and has the necessary data embedded in the string value.
The Template plugin probably would work well for that.
-- Scott
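
A sketch of the approach suggested above, added here as an example and not part of the original message: a Template attribute definition that builds the value as a plain string, so that a string NameID encoder emits it whole instead of dropping the scope. It assumes a Shibboleth IdP 2.x attribute-resolver.xml with the default `resolver:`, `ad:` and `enc:` namespace prefixes; the definition id `concuridNameID`, the source attribute `uid`, the connector id `myLDAP`, the scope and the format URI are hypothetical or placeholders.

```xml
<!-- Added example; assumes IdP 2.x attribute-resolver.xml conventions. -->
<!-- Unscoped variant of the attribute, for use as a NameID only.       -->
<!-- id, dependency ref and source attribute name are hypothetical.     -->
<resolver:AttributeDefinition id="concuridNameID" xsi:type="ad:Template">

    <!-- Data connector that supplies the bare username (assumed id). -->
    <resolver:Dependency ref="myLDAP" />

    <!-- String encoder: it serializes the value as-is, so the scope
         has to be part of the string rather than a separate field.
         Replace the placeholder with the format URI the SP requests. -->
    <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID"
        nameFormat="NAMEID-FORMAT-URI-PLACEHOLDER" />

    <!-- Velocity template: username plus a literal scope, one string.
         Replace SCOPE-PLACEHOLDER with the real scope value. -->
    <ad:Template><![CDATA[${uid}@SCOPE-PLACEHOLDER]]></ad:Template>

    <!-- Attribute from the dependency that feeds ${uid} above. -->
    <ad:SourceAttribute>uid</ad:SourceAttribute>

</resolver:AttributeDefinition>
```

The new definition also has to be released to that SP in the attribute filter policy, otherwise its NameID encoder is never a candidate during format selection.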