Hong Ye hy93 at
Fri May 23 19:25:25 EDT 2014


Then how to find out the name that my SP is receiving? In the test environment, I let my test Idp release webexID to my SP. Here is the nameID in saml2 assertion. I didn't see there is a name here.

<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" NameQualifier="" SPNameQualifier="">hy93</saml2:NameID>

If I define NameID mapping correctly in attribute-map.xml, will this nameID be displayed in my SP's shibboleth.sso Session page along with other attributes?


On May 23, 2014, at 6:03 PM, Nate Klingenstein <ndk at<mailto:ndk at>>


I'm just curious how webex get the value of this nameID?

That's up to webex and its SAML implementation.  SAML only defines mappings on the wire.

I have no idea how to define attribute mapping for nameID in SP? Could you give me an example?

There are several examples in the distribution attribute-map.xml file.  I think this one will be the most useful for you.  You'll need to change the name to what you're receiving and the id to what you're supplying to the web environment.

    <!-- Fourth, the SAML 2.0 NameID Format: -->
    <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id">
        <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>

To unsubscribe from this list send an email to users-unsubscribe at<mailto:users-unsubscribe at>

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list