Google Apps with IdPv3

Dave Perry Dave.Perry at
Thu May 28 10:13:03 EDT 2015


What was your attribute-resolver definition, if you wouldn't mind sharing that please?


Dave Perry
eLearning Technologist, Hull College Group

Room L34 - Queens Gardens Library
Wilberforce Drive, Queen's Gardens, Hull, HU1 3DG
Extension 2230 / Direct Dial 01482 381930

* Need a fast reply? Try elearning at *

-----Original Message-----
From: users-bounces at [mailto:users-bounces at] On Behalf Of Glenn Wearen
Sent: 19 March 2015 21:07
To: Shib Users
Subject: Re: Google Apps with IdPv3

Thanks for the advice, which I’ve applied successfully…

1. relying-party.xml

 <util:list id="shibboleth.RelyingPartyOverrides">
        <bean parent="RelyingPartyByName" c:relyingPartyIds="">
            <property name="profileConfigurations">
                    <bean parent="SAML2.SSO" p:nameIDFormatPrecedence="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" p:encryptAssertions="false" /> 

2. saml-nameid.xml

<util:list id="shibboleth.SAML2NameIDGenerators">
        <ref bean="shibboleth.SAML2TransientGenerator" />
        <bean parent="shibboleth.SAML2AttributeSourcedGenerator"
            p:attributeSourceIds="#{ {'Gprincipal'} }" />

Where Gprincipal is a simple attribute definition (without a legacy style attribute encoder) in attribute-resolver.xml and is released in my attribute-filter.

Kind Regards
HEAnet Limited, Ireland's Education and Research Network - 1st Floor, 5 George's Dock, IFSC, Dublin 1 Registered in Ireland, no 275301  tel: +353-1-6609040  fax: +353-1-6603666

> On 19 Mar 2015, at 16:58, Cantor, Scott <cantor.2 at> wrote:
>> I haven't tested it with google apps but yes have generated a 
>> response with unspecified.  in attribute resolver I created an attribute :
> That all works, but is a deprecated approach.
>> Finally in i set the default to unspecified:
>> idp.nameid.saml2.default = urn:oasis:names:tc:SAML:1.1:nameid-
>> format:unspecified
> Not how you want to control formats, unless you're only using Google SPs of course.
> -- Scott
> --
> To unsubscribe from this list send an email to 
> users-unsubscribe at

To unsubscribe from this list send an email to users-unsubscribe at

This message is sent in confidence for the addressee
only. It may  contain confidential or sensitive
information.  The contents are not to be disclosed
to anyone other than the addressee.  Unauthorised
recipients are requested to preserve this
confidentiality and to advise us of any errors in
transmission.  Any views expressed in this message
are solely the views of the individual and do not
represent the views of the College.  Nothing in this
message should be construed as creating a contract.

Hull College owns the email infrastructure, including the contents.

Hull College is committed to sustainability, please reflect before printing this email.


More information about the users mailing list