Error while creating bean with name "searchUsername" for AttributePostLoginC14NConfiguration

Cantor, Scott cantor.2 at osu.edu
Tue Jan 12 15:47:56 EST 2016


> Straight copy and paste from the wiki page for the attribute resolver script.

Then the example's wrong or the paste is, but the script didn't work. A long script like that could have errors or you could be using Chrome and pasting bad characters or something like that.

> I am trying to duplicate what I had in v2 where I set the nameid-
> format:persistent in relying-party.xml for an SP.  They need the uid in the
> saml-nameid not to be encrypted.

Well, that isn't something you use that particular feature to configure.

Also a persistent NameID is opaque, generally, but not encrypted. It should never be non-opaque unless you have a really good reason, and you never, ever, ever use the same format with two different SPs but with a different kind of value. So if they need a NameID that's non-opaque, they cannot do that with the persistent format.

> I have done the settings from the NameIDGenerationConfiguration page and
> the PersistentNameIDGenerationConfiguration page.  I just seem to be
> missing the “don’t encrypt” it setting.

If you need a different kind of NameID for an SP, you can generate one based on an attribute as described in [1]. The format in that case is not "persistent".

You can also temporarily just reuse the original configuration; that still works. Encoding NameIDs with the resolver is fully supported, just deprecated.

But you should certainly not be generating one that contains a user's username and calling it a persistent NameID.

There is no "don't encrypt" setting, because there is no encryption involved.

-- Scott

[1] https://wiki.shibboleth.net/confluence/display/IDP30/CustomNameIDGenerationConfiguration
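
The attribute-sourced approach described in the reply above, sketched as a fragment for the IdP v3 `conf/saml-nameid.xml`. This is an added example, not part of the original message or the wiki page. It assumes a resolved attribute with id `uid`, picks the `unspecified` format as one possible non-persistent choice, and uses a placeholder entityID for the SP.

```xml
<!-- Added example (not from the thread): fragment of conf/saml-nameid.xml -->
<util:list id="shibboleth.SAML2NameIDGenerators">

    <!-- The default transient generator shipped in the file stays as it is. -->
    <ref bean="shibboleth.SAML2TransientGenerator" />

    <!-- Non-opaque NameID taken from the resolved "uid" attribute.
         The format is "unspecified" (an assumption for this sketch),
         not "persistent", so the persistent format keeps its opaque
         meaning for every other SP. -->
    <bean parent="shibboleth.SAML2AttributeSourcedGenerator"
          p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
          p:attributeSourceIds="#{ {'uid'} }">
        <!-- Limit the generator to the one SP that needs the username.
             The entityID below is a placeholder. -->
        <property name="activationCondition">
            <bean parent="shibboleth.Conditions.RelyingPartyId"
                  c:candidates="https://sp.example.org/shibboleth" />
        </property>
    </bean>

</util:list>
```

The SP then has to ask for, or be configured in relying-party.xml to receive, that format instead of the persistent one.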

