saml2:NameID value in clear text?
Qian, Yi
yqian at ku.edu
Tue Sep 30 10:13:32 EDT 2014
What you released is a transient id; you need to make 2 changes:
1. block transient id release
2. define some type of name id using the uid from your LDAP, then release it
________________________________
From: users-bounces at shibboleth.net [users-bounces at shibboleth.net] on behalf of XiaoXia Dong [x-dong at northwestern.edu]
Sent: Monday, September 29, 2014 2:21 PM
To: Shib Users
Subject: saml2:NameID value in clear text?
Hello,
We have a vendor which is asking to set the value of a saml2:NameID to be clear text, rather than encrypted. I already set the encryptNameIds=never in the relying-party.xml, but still got the encrypted value.
Here is an example of what I have now and what the vendor is asking for:
What we are passing:
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
NameQualifier="urn:mace:incommon:northwestern.edu"
>_365db0cf8e660be39c212605fb05ea97</saml2:NameID>
What the vendor is asking for:
<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
NameQualifier="urn:mace:incommon:northwestern.edu"
>nustaff1</saml2:NameID>
Is this doable? If yes, can someone point me in the right direction as to what other changes are needed?
Thanks in advance for your help.
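Added example, not part of the original thread and not Shibboleth code: a small Python check that tells a transient NameID apart from an encrypted one in a captured assertion's Subject. An encrypted identifier arrives as a saml2:EncryptedID element, while a transient NameID is an opaque per-session handle sent in clear text. The helper name `describe_subject_id` and the second sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed samples. The first reuses the NameID quoted in the thread;
# the second is an empty EncryptedID shell, enough to show the element shape.
TRANSIENT_SUBJECT = f"""<saml2:Subject xmlns:saml2="{SAML}">
  <saml2:NameID Format="{TRANSIENT}"
      NameQualifier="urn:mace:incommon:northwestern.edu"
  >_365db0cf8e660be39c212605fb05ea97</saml2:NameID>
</saml2:Subject>"""
ENCRYPTED_SUBJECT = f"""<saml2:Subject xmlns:saml2="{SAML}">
  <saml2:EncryptedID>
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
  </saml2:EncryptedID>
</saml2:Subject>"""


def describe_subject_id(subject_xml):
    """Classify the identifier in a saml2:Subject (hypothetical helper).

    Meant for inspecting assertions from your own test logins; it does not
    validate signatures and should not be fed untrusted XML.
    """
    subject = ET.fromstring(subject_xml)
    if subject.tag != f"{{{SAML}}}Subject":
        raise ValueError("expected a saml2:Subject element")
    # XML encryption replaces NameID with EncryptedID entirely.
    if subject.find(f"{{{SAML}}}EncryptedID") is not None:
        return {"kind": "encrypted", "format": None, "value": None}
    name_id = subject.find(f"{{{SAML}}}NameID")
    if name_id is None:
        raise ValueError("Subject has neither NameID nor EncryptedID")
    # SAML core: a missing Format attribute means "unspecified".
    fmt = name_id.get("Format", UNSPECIFIED)
    # "transient" is still clear text: an opaque handle, not ciphertext.
    kind = "transient" if fmt == TRANSIENT else "plaintext"
    return {"kind": kind, "format": fmt, "value": (name_id.text or "").strip()}


if __name__ == "__main__":
    for label, xml in (("thread sample", TRANSIENT_SUBJECT),
                       ("encrypted sample", ENCRYPTED_SUBJECT)):
        print(label, "->", describe_subject_id(xml))
```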