Converting Nameids to v3
cantor.2 at osu.edu
Mon May 4 14:35:52 EDT 2015
On 5/4/15, 2:29 PM, "Misagh Moayyed" <mmoayyed at unicon.net> wrote:
>This is more of a how-to question. I am trying to figure out the steps required to convert a deprecated Saml2NameId attribute definition to new. In my v2 config, I have an eduPersonTargettedID of type Saml2NameID and nameIdFormat of persistent.
> It has two encoders of Saml1XmlObject and Saml2XMLObject.
That isn't possible to convert, unless I'm not following what you're converting. There have been a few threads on this. Using NameID-valued attributes was never meant to be a commonly done SAML 2 thing, and there is no non-deprecated mechanism to do that in the case of a persistent name. It's not the XMLObject encoders that are deprecated but the connectors that generate Stored or Computed IDs. But there is no other way to get those values into a SAML AttributeValue.
>This is what I have so far in v3, having removed the attribute definition from the resolver file first:
>Uncmmented the SAML2PersistentGenerator bean
>In saml-nameid properties, I added the source attribute and the salt
>What are the remaining steps required to release this attribute? (It’s already configured for release)
None of that has anything to do with releasing an attribute. That's for the assertion subject and I answered that part in response to Sara's questions last week.
More information about the users