hy93 at cornell.edu
Fri May 23 22:19:33 EDT 2014
Now I got it. Thanks you very much for your help. Have a great weekend!
On May 23, 2014, at 9:41 PM, Nate Klingenstein <ndk at internet2.edu<mailto:ndk at internet2.edu>>
Then how to find out the name that my SP is receiving?
You could just ask the IdP what they're sending, or you could find it in the logs, as you've done.
In the test environment, I let my test Idp release webexID to my SP. Here is the nameID in saml2 assertion. I didn't see there is a name here.
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" NameQualifier="https://shibidp-test.cit.cornell.edu/idp/shibboleth" SPNameQualifier="https://shibsp-test.idm.cit.cornell.edu/shibsp">hy93</saml2:NameID>
The Format is the name of the NameID and the rest of it may be combined into a value however you need. The structure of a NameID doesn't match that of an Attribute, but the SP is trying to abstract all of that for the application and deployer, so the name doesn't match.
If I define NameID mapping correctly in attribute-map.xml, will this nameID be displayed in my SP's shibboleth.sso Session page along with other attributes?
Yes, it should be.
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users