namedID
Hong Ye
hy93 at cornell.edu
Fri May 23 19:25:25 EDT 2014
Nate,
Then how to find out the name that my SP is receiving? In the test environment, I let my test Idp release webexID to my SP. Here is the nameID in saml2 assertion. I didn't see there is a name here.
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" NameQualifier="https://shibidp-test.cit.cornell.edu/idp/shibboleth" SPNameQualifier="https://shibsp-test.idm.cit.cornell.edu/shibsp">hy93</saml2:NameID>
If I define NameID mapping correctly in attribute-map.xml, will this nameID be displayed in my SP's shibboleth.sso Session page along with other attributes?
Thanks,
Hong
On May 23, 2014, at 6:03 PM, Nate Klingenstein <ndk at internet2.edu<mailto:ndk at internet2.edu>>
wrote:
Hong,
I'm just curious how webex get the value of this nameID?
That's up to webex and its SAML implementation. SAML only defines mappings on the wire.
I have no idea how to define attribute mapping for nameID in SP? Could you give me an example?
There are several examples in the distribution attribute-map.xml file. I think this one will be the most useful for you. You'll need to change the name to what you're receiving and the id to what you're supplying to the web environment.
<!-- Fourth, the SAML 2.0 NameID Format: -->
<Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id">
<AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
</Attribute>
Thanks,
nate.
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140523/93871cb0/attachment-0001.html
More information about the users
mailing list