namedID

[Nate Klingenstein]

Hong,

Then how to find out the name that my SP is receiving?

You could just ask the IdP what they're sending, or you could find it in the logs, as you've done.

In the test environment, I let my test Idp release webexID to my SP. Here is the nameID in saml2 assertion. I didn't see there is a name here.

<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" NameQualifier="https://shibidp-test.cit.cornell.edu/idp/shibboleth" SPNameQualifier="https://shibsp-test.idm.cit.cornell.edu/shibsp">hy93</saml2:NameID>

The Format is the name of the NameID and the rest of it may be combined into a value however you need.  The structure of a NameID doesn't match that of an Attribute, but the SP is trying to abstract all of that for the application and deployer, so the name doesn't match.

If I define NameID mapping correctly in attribute-map.xml, will this nameID be displayed in my SP's shibboleth.sso Session page along with other attributes?

Yes, it should be.

Thanks,
Nate.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140524/d65cbf18/attachment.html