Viewing transientID value

Wessel, Keith kwessel at
Tue Dec 22 16:12:21 EST 2015

Thanks, Scott. Good to know I wasn't missing something obvious. I'd love to see the NameID included in the aacli output. Perhaps I'll add an enhancement request for that.

So, I'm using the default (distributed logback.xml) audit log format. Should the last column be the NameID? I believe you already told me this, but I want to make sure.


-----Original Message-----
From: users [mailto:users-bounces at] On Behalf Of Cantor, Scott
Sent: Tuesday, December 22, 2015 3:02 PM
To: Shib Users <users at>
Subject: Re: Viewing transientID value

On 12/22/15, 3:53 PM, "users on behalf of Wessel, Keith" <users-bounces at on behalf of kwessel at> wrote:

>Should acli show the transientID value if it's the SAML NameID that's being released? If so, wehre in the output?

No, it operates just on the attribute set. Obviously it could be enhanced to do more work that simulates things, but that's all it does right now.

The audit log can be configured to show both the value and the format of the NameID.

>I also have a test CGI running on my sandbox SP that prints out all the environment vars received including those set by Shib. Should I see the NameID attribute in there? If so, what environment variable would it be stored in?

It isn't mapped to anything by default.

-- Scott

To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list