SAML2StringNameID format

Nate Klingenstein ndk at internet2.edu
Mon Jun 9 15:33:33 EDT 2014


Michael,

The SP may not have given you enough information to handle this because SAML 2.0 allows for NameID's to be encoded either in attributes in the AttributeStatement or as the Subject of an assertion.  I would be shocked if they were looking for the former.

You'll need to ask them more precisely what they're looking for.  I assume it's urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress in the Subject.

Thanks,
Nate.

On Jun 9, 2014, at 1:25 PM, Michael Dahlberg <olgamirth at gmail.com>
 wrote:

> I apologize if the answer to this question is on the Shibboleth wiki, I just was unable to find it (at least on this page https://wiki.shibboleth.net/confluence/display/SHIB2/SAML2StringNameIDEncoder).  
> 
> I'm running a Shibboleth 2.40 IdP and am trying to release the email address attribute to the SP.  The SP asks that the attribute encoder be of type SAML2StringNameID.  I assume I need to modify the nameFormat parameter from the default specification: "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" to something else.  Any suggestions would be most helpful.
> 
> Thanks,
> Mike
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net



More information about the users mailing list