Converting Nameids to v3

Misagh Moayyed mmoayyed at
Mon May 4 15:56:29 EDT 2015

You got it correctly. I wasn’t sure how to release that attribute and it 
seems like we are going to have to keep the old deprecated config for now.

I'll have a few more other nameid attributes that I need to convert and I'll 
circle back to that thread. Thanks for the pointer.

-----Original Message-----
From: users [mailto:users-bounces at] On Behalf Of Cantor, Scott
Sent: Monday, May 4, 2015 11:36 AM
To: Shib Users
Subject: Re: Converting Nameids to v3

On 5/4/15, 2:29 PM, "Misagh Moayyed" <mmoayyed at> wrote:

>This is more of a how-to question. I am trying to figure out the steps 
>required to convert a deprecated Saml2NameId attribute definition to new. 
>In my v2 config, I have an eduPersonTargettedID of type Saml2NameID and 
>nameIdFormat of persistent.
> It has two encoders of Saml1XmlObject and Saml2XMLObject.

That isn't possible to convert, unless I'm not following what you're 
converting. There have been a few threads on this. Using NameID-valued 
attributes was never meant to be a commonly done SAML 2 thing, and there is 
no non-deprecated mechanism to do that in the case of a persistent name. 
It's not the XMLObject encoders that are deprecated but the connectors that 
generate Stored or Computed IDs. But there is no other way to get those 
values into a SAML AttributeValue.

>This is what I have so far in v3, having removed the attribute definition 
>from the resolver file first:
>Uncommented the SAML2PersistentGenerator bean
>In saml-nameid properties, I added the source attribute and the salt
>What are the remaining steps required to release this attribute? (It’s 
>already configured for release)

None of that has anything to do with releasing an attribute. That's for the 
assertion subject and I answered that part in response to Sara's questions 
last week.

-- Scott
