Converting Nameids to v3
mmoayyed at unicon.net
Mon May 4 15:56:29 EDT 2015
You got it correctly. I wasn’t sure how to release that attribute and it
seems like we are going to have to keep the old deprecated config for now.
I'll have a few more other nameid attributes that I need to convert and I'll
circle back to that thread. Thanks for the pointer.
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Monday, May 4, 2015 11:36 AM
To: Shib Users
Subject: Re: Converting Nameids to v3
On 5/4/15, 2:29 PM, "Misagh Moayyed" <mmoayyed at unicon.net> wrote:
>This is more of a how-to question. I am trying to figure out the steps
>required to convert a deprecated Saml2NameId attribute definition to new.
>In my v2 config, I have an eduPersonTargettedID of type Saml2NameID and
>nameIdFormat of persistent.
> It has two encoders of Saml1XmlObject and Saml2XMLObject.
That isn't possible to convert, unless I'm not following what you're
converting. There have been a few threads on this. Using NameID-valued
attributes was never meant to be a commonly done SAML 2 thing, and there is
no non-deprecated mechanism to do that in the case of a persistent name.
It's not the XMLObject encoders that are deprecated but the connectors that
generate Stored or Computed IDs. But there is no other way to get those
values into a SAML AttributeValue.
>This is what I have so far in v3, having removed the attribute definition
>from the resolver file first:
>Uncmmented the SAML2PersistentGenerator bean
>In saml-nameid properties, I added the source attribute and the salt
>What are the remaining steps required to release this attribute? (It’s
>already configured for release)
None of that has anything to do with releasing an attribute. That's for the
assertion subject and I answered that part in response to Sara's questions
To unsubscribe from this list send an email to
users-unsubscribe at shibboleth.net
More information about the users