Attribute Resolver Migrating to IDP30 and generating persistent NameId using PrincipalName
Katia
katia_muser at yahoo.com
Mon May 11 21:07:08 EDT 2015
I went through the post from 2 weeks ago from Sara (IdPv3 and generating
persistent NameID) and the subsequent responses, and I followed the steps
detailed in the documentation to support PersistentId NameId.
Content of saml-nameid.properties:

idp.persistentId.generator = shibboleth.ComputedPersistentIdGenerator
idp.persistentId.sourceAttribute = persistentNameIdSourceUid
idp.persistentId.salt = 2222343
idp.persistentId.algorithm = SHA
idp.nameid.saml2.legacyGenerator = shibboleth.LegacySAML2NameIDGenerator
idp.nameid.saml1.legacyGenerator = shibboleth.LegacySAML1NameIdentifierGenerator
However, my attribute_resolver configuration that worked in V2 is now failing:

<resolver:AttributeDefinition id="persistentNameIdSourceUid"
        xsi:type="ad:PrincipalName">
    <resolver:AttributeEncoder xsi:type="enc:SAML1StringNameIdentifier"
        nameFormat="urn:mace:shibboleth:1.0:nameIdentifier" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID"
        nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" />
</resolver:AttributeDefinition>

In IDP30 I get this error using the same provider:
WARN [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:337] -
Profile Action AddNameIDToSubjects: Request specified use of an
unsupportable identifier format:
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
Let me know if you need more details.
Thanks!
Katia
--
View this message in context: http://shibboleth.1660669.n2.nabble.com/Attribute-Resolver-Migrating-to-IDP30-and-generatin-persistent-NameId-using-PrincipalName-tp7614884.html
Sent from the Shibboleth - Users mailing list archive at Nabble.com.
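
An added example, not part of the original message and not Shibboleth's own code: what the computed persistent ID settings quoted above derive per service provider, plus a check of the configured salt. It assumes the computed ID is the Base64 digest of SP entityID, "!", source attribute value, "!", salt, and a 16-byte minimum salt; the SP entityIDs and the user name "kmuser" are constructed.

```python
import base64
import hashlib

# Constructed copy of the settings shown in the post (salt as posted).
PROPERTIES = """\
idp.persistentId.generator = shibboleth.ComputedPersistentIdGenerator
idp.persistentId.sourceAttribute = persistentNameIdSourceUid
idp.persistentId.salt = 2222343
idp.persistentId.algorithm = SHA
"""
MIN_SALT_BYTES = 16  # assumption: minimum salt size for computed IDs


def parse_properties(text):
    """Parse key = value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key.strip()] = value.strip()
    return props


def computed_persistent_id(sp_entity_id, source_value, salt, algorithm="SHA"):
    """Assumed layout: digest(entityID ! source ! salt), Base64-encoded."""
    # Java's "SHA" digest name is SHA-1; other names map like SHA-256 -> sha256.
    name = "sha1" if algorithm.upper() == "SHA" else algorithm.lower().replace("-", "")
    md = hashlib.new(name)
    md.update("!".join((sp_entity_id, source_value, salt)).encode("utf-8"))
    return base64.b64encode(md.digest()).decode("ascii")


def salt_findings(props):
    """Return problems with the configured salt (empty list if none)."""
    salt = props.get("idp.persistentId.salt", "")
    findings = []
    if len(salt.encode("utf-8")) < MIN_SALT_BYTES:
        findings.append("salt shorter than %d bytes" % MIN_SALT_BYTES)
    if salt.isdigit():
        findings.append("salt is digits only")
    return findings


if __name__ == "__main__":
    props = parse_properties(PROPERTIES)
    for sp in ("https://sp1.example.org/shibboleth", "https://sp2.example.org/shibboleth"):  # constructed
        print(sp, computed_persistent_id(sp, "kmuser", props["idp.persistentId.salt"],
                                         props["idp.persistentId.algorithm"]))
    print(salt_findings(props))
```

The same user gets a stable but different identifier at each SP, and anyone who knows the salt can recompute every identifier, which is why the salt is treated as a secret.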