Google Apps with IdPv3

Dave Perry Dave.Perry at hull-college.ac.uk
Fri Mar 20 05:53:24 EDT 2015


So to reuse my v2 config for Google in v3, can I just set up the saml-nameid.xml as Glenn got working in his v3, and change my g_principal attribute to use that generator?


_________________________________________________
Dave Perry
eLearning Technologist, Hull College Group



-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: 19 March 2015 16:57
To: Shib Users
Subject: RE: Google Apps with IdPv3

> Has anybody managed to generate a response accepted by Google Apps 
> with a new IdPv3 install, i.e. a response containing unspecified 
> nameid format?

You want to follow the wiki page on generation of NameIDs and look at the brief discussion around creating a custom one:

https://wiki.shibboleth.net/confluence/display/IDP30/NameIDGenerationConfiguration

"If you want custom values based on an attribute, uncomment one or more copies of the example bean(s) appropriately and ensure the underlying source attribute(s) are released to the applicable relying party or parties."

So basically get the underlying data attribute defined and released to Google. Then modify/copy the example in the saml-nameid.xml file to configure a generator that pulls from that source attribute and set the format to unspecified.

You can enable the generator explicitly for Google if you have to, but the simplest way to control data release is still through the filter by limiting who gets the underlying attribute. Then the NameID just becomes a particular way some SPs receive that data.

-- Scott
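
The two pieces described in the reply above, sketched as an added example (not part of either message and not taken from a working deployment). It assumes the source attribute is the `g_principal` attribute mentioned in the question, that the filter file uses the `afp:`/`basic:` namespace prefixes, and that the requester value is a placeholder for whatever entityID Google is registered under in your metadata.

```xml
<!-- conf/saml-nameid.xml (fragment): a copy of the commented-out example bean,
     placed inside the existing SAML 2 generator list. It builds the NameID from
     a resolved attribute and labels it with the "unspecified" format. -->
<util:list id="shibboleth.SAML2NameIDGenerators">

    <!-- ...generators already present in the shipped file stay here... -->

    <!-- Assumption: g_principal is the attribute id defined in the resolver. -->
    <bean parent="shibboleth.SAML2AttributeSourcedGenerator"
        p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
        p:attributeSourceIds="#{ {'g_principal'} }" />

</util:list>

<!-- conf/attribute-filter.xml (fragment): release the source attribute only to
     Google. The generator above has nothing to work from for any other relying
     party, so the filter remains the single point of release control. -->
<afp:AttributeFilterPolicy id="releaseGooglePrincipal">

    <!-- Placeholder: replace with the entityID from your Google metadata. -->
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
        value="GOOGLE_ENTITY_ID_PLACEHOLDER" />

    <afp:AttributeRule attributeID="g_principal">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>

</afp:AttributeFilterPolicy>
```

Because the generator only fires when `g_principal` survives filtering, reviewing who can receive this NameID means reviewing one filter policy rather than per-SP generator settings.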
