IdPv3 and generating persistent NameID
Sara Hopkins
sara.hopkins at ed.ac.uk
Fri May 1 13:41:02 EDT 2015
On 01/05/2015 17:04, Cantor, Scott wrote:
> No, it's more or less similar to V2, you have metadata from the SP, you have the SP requesting a Format in a NameIDPolicy element in its request, and you have the nameIDFormatPrecedence relying party property.
OK, so I'm trying to force the IdP to release the persistent ID by
having this in the shibboleth.DefaultRelyingParty bean:
    <bean parent="SAML2.SSO"
          p:nameIDFormatPrecedence="#{{'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'}}"
    />
I also tried this:
    <bean parent="SAML2.SSO"
          p:nameIDFormatPrecedence="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
    />
but I still just get a transient nameID.
Is nameIDFormatPrecedence sufficient on its own to achieve this, or does
it have to be specified by the SP as well (whether in metadata or by
requesting a Format in a NameIDPolicy element)?
Cheers,
Sara
--
Sara Hopkins
Support Team
UK Access Management Federation for Education and Research
web: http://www.ukfederation.org.uk/
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
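
The quoted reply names two SP-side inputs alongside nameIDFormatPrecedence: the SP's metadata and the Format in the request's NameIDPolicy. The script below is an added example, not part of the original post or of the IdP's code; it extracts both from constructed sample XML so they can be compared with the format the IdP is configured to prefer. The entityID, sample documents and function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, parse with defusedxml instead

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed SP metadata (entityID and advertised format are sample values).
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed AuthnRequest whose NameIDPolicy asks for a persistent identifier.
AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed1" Version="2.0" IssueInstant="2015-05-01T17:00:00Z">
  <samlp:NameIDPolicy AllowCreate="true"
      Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
</samlp:AuthnRequest>"""

def metadata_formats(metadata_xml, entity_id):
    """NameIDFormat values the named SP lists in its SPSSODescriptor."""
    root = ET.fromstring(metadata_xml)
    # iter() includes the root, so this handles a single entity or an aggregate.
    for ent in root.iter(f"{{{MD}}}EntityDescriptor"):
        if ent.get("entityID") == entity_id:
            path = f"{{{MD}}}SPSSODescriptor/{{{MD}}}NameIDFormat"
            return [e.text.strip() for e in ent.findall(path) if e.text]
    return []

def requested_format(request_xml):
    """Format attribute of NameIDPolicy, or None when the request carries none."""
    policy = ET.fromstring(request_xml).find(f"{{{SAMLP}}}NameIDPolicy")
    return policy.get("Format") if policy is not None else None

def sp_side_inputs(metadata_xml, entity_id, request_xml, wanted=PERSISTENT):
    """Summarise what the SP advertises and requests, relative to `wanted`."""
    formats = metadata_formats(metadata_xml, entity_id)
    req = requested_format(request_xml)
    return {"metadata_formats": formats, "requested_format": req,
            "wanted_in_metadata": wanted in formats,
            "wanted_requested": req == wanted}

if __name__ == "__main__":
    report = sp_side_inputs(SP_METADATA, "https://sp.example.org/shibboleth", AUTHN_REQUEST)
    for key, value in report.items():
        print(f"{key}: {value}")
```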