saml2:NameID value in clear text?
Cantor, Scott
cantor.2 at osu.edu
Mon Sep 29 18:00:23 EDT 2014
On 9/29/14, 3:21 PM, "XiaoXia Dong" <x-dong at northwestern.edu> wrote:
>I already set the encryptNameIds=never in the relying-party.xml, but still
>got the encrypted value.
No, that's not encrypted.
>What the vendor is asking for:
>
><saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
>    NameQualifier="urn:mace:incommon:northwestern.edu">nustaff1</saml2:NameID>
That would be incorrect, that's not a transient ID. You should not send
that. If they want some other format, they need to identify the format
they want, and then you have to support it. If they don't care, then it
depends on what kind of identifier they need as to what Format should be
used to make the configuration general.
>
>
>Is this doable? If yes, can someone point me in the right direction on what
>other changes are needed?
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPNameIdentifier
-- Scott