where is transientId in SAML assertion

David Bantz dabantz at alaska.edu
Mon Sep 22 18:02:35 EDT 2014


Elementary question: 
	where, in the IdP’s SAML assertion, is the transientId <https://wiki.shibboleth.net/confluence/display/SHIB2/IdPTransientNameIdentifier> ("released to anyone" as recommended)?

	Is it the ID in the assertion... NameID in the Subject portion?

from process log:

11:40:34.099 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:585] 
- Retaining attribute transientId which may be encoded as a name identifier of format urn:mace:shibboleth:1.0:nameIdentifier
11:40:34.100 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:585] 
- Retaining attribute oktanameid which may be encoded as a name identifier of format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
11:40:34.100 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:690] 
- Selecting attribute to be encoded as a name identifier by encoder of type edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
11:40:34.100 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:717] 
- Selecting the first attribute that can be encoded in to a name identifier
11:40:34.100 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:501] 
- Name identifier for relying party 'https://••••' will be built from attribute 'transientId'
11:40:34.101 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:868] 
- Using attribute 'transientId' supporting NameID format 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' to create the NameID for relying party 'https://••••••'

SAML assertion fragments:

<?xml version="1.0" encoding="UTF-8"?><saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://••••" ID="_5a83f3c5e2d3e9f6eb30a6fbcc98f1cc" IssueInstant="2014-09-22T21:39:45.977Z" Version="2.0">…

 <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_ade790abe4f75d0b979b039ce18912ea" IssueInstant="2014-09-22T21:39:45.977Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">...

<saml2:Subject>
         <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="urn:mace:incommon:alaska.edu" SPNameQualifier="urn:amazon:webservices">_59ddcabea831dd654d8a75364ac70492</saml2:NameID>...
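
Added example, not part of the original post and not Shibboleth code: the process log above reports that the NameID is built from the 'transientId' attribute, and this Python sketch lists the three identifiers that appear in fragments like these (Response ID, Assertion ID, and the Subject's NameID with its Format) so they can be told apart. The sample document, its ID values and the entity names in it are constructed.

```python
import xml.etree.ElementTree as ET

NS = {
    "saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

# Constructed sample shaped like the fragments in the post; all values are made up.
SAMPLE = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    Destination="https://sp.example.org/acs" ID="_resp0001" Version="2.0">
  <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
      ID="_assert0002" Version="2.0">
    <saml2:Subject>
      <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
          NameQualifier="https://idp.example.org/idp"
          SPNameQualifier="https://sp.example.org/sp">_transient0003</saml2:NameID>
    </saml2:Subject>
  </saml2:Assertion>
</saml2p:Response>"""


def identifiers(xml_text):
    """Return the Response ID plus, per assertion, its ID and Subject NameID.

    Inspection aid for an already-decoded message: it does not verify
    signatures and does not see EncryptedAssertion elements.
    """
    root = ET.fromstring(xml_text)
    found = {"response_id": root.get("ID"), "assertions": []}
    for assertion in root.findall("saml2:Assertion", NS):
        name_id = assertion.find("saml2:Subject/saml2:NameID", NS)
        entry = {"assertion_id": assertion.get("ID"), "name_id": None}
        if name_id is not None:
            entry.update(
                name_id=(name_id.text or "").strip(),
                format=name_id.get("Format"),
                name_qualifier=name_id.get("NameQualifier"),
                sp_name_qualifier=name_id.get("SPNameQualifier"),
                is_transient=name_id.get("Format") == TRANSIENT,
            )
        found["assertions"].append(entry)
    return found


if __name__ == "__main__":
    for a in identifiers(SAMPLE)["assertions"]:
        print(a)
```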