SPs with different NameIds

Senthil Ramiah sramiah at aileronconsulting.com
Sat Apr 30 17:36:13 EDT 2016


Hello,
We are running IdP version 3.1.1. We need to support two SPs with different
nameId requirements (and different formats). Here is what we have for the
following config files. We need the *systemtwonameid* to come through in
the <subject> section only for the second SP instead of the mail attribute.
Looks like we are missing something and are unable to get it to work. Any
pointers on how to get this to work will be appreciated.

saml-nameid.xml
...
    <util:list id="shibboleth.SAML2NameIDGenerators">
        <ref bean="shibboleth.SAML2TransientGenerator" />

        <bean parent="shibboleth.SAML2AttributeSourcedGenerator"
              p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
              p:attributeSourceIds="#{ {'mail'} }" />

        <bean parent="shibboleth.SAML2AttributeSourcedGenerator"
              p:format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
              p:attributeSourceIds="#{ {'systemtwonameid'} }">
            <property name="activationCondition">
                <bean parent="shibboleth.Conditions.RelyingPartyId"
                      c:candidate="http://systemtwo.xxx.com/shibboleth" />
            </property>
        </bean>
    </util:list>
...

attribute-filter.xml
<afp:AttributeFilterPolicy id="abcid">
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
                               value="http://abc.xyz.com/shibboleth" />
    <afp:AttributeRule attributeID="mail">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>

<afp:AttributeFilterPolicy id="systemtwo">
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
                               value="http://systemtwo.xxx.com/shibboleth" />
    <afp:AttributeRule attributeID="systemtwonameid">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>
...

Thanks,

-Senthil