Persistent NameID

Richard Frovarp richard.frovarp at ndsu.edu
Wed Jul 27 11:13:37 EDT 2016


I'm trying to figure out how to generate a SAML 2 Persistent NameID. 
This is against Shibboleth IdP 3.2.x. I've followed the instructions in 
the wiki, and see that the service is connecting to the DB. The table is 
correct. When I hit my test IdP from an SP (like Test Shib or Ubuntu 
14.04 default SP config), it isn't returning a persistent id. It is 
returning a transient id. My knowledge of SPs is absolutely minimal. Is 
this something that the SP needs to request? Am I missing something?

idp.persistentId.sourceAttribute = eduPersonUniqueId
idp.persistentId.salt = somerandomsalt
idp.persistentId.generator = shibboleth.StoredPersistentIdGenerator
idp.persistentId.store = NDSUPersistentIdStore

<util:list id="shibboleth.SAML2NameIDGenerators">
   <ref bean="shibboleth.SAML2PersistentGenerator" />
</util:list>

<bean id="NDSUPersistentIdStore" parent="shibboleth.JDBCPersistentIdStore"
     p:dataSource-ref="shibboleth.JPAStorageService.DataSource"
     p:queryTimeout="PT2S"
     p:retryableErrors="#{{'23000'}}" />


shibboleth.JPAStorageService.DataSource is defined in global.xml, and is 
being successfully used by the consent persistence.

Thanks,
Richard
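
A diagnostic for the symptom described above, as an added example that is not part of the original message: it decodes a captured AuthnRequest and Response and reports which NameID format the SP requested and which one the IdP issued. The sample messages are constructed, the function names are hypothetical, and it assumes the request was captured from the HTTP-Redirect binding and the response from HTTP-POST.

```python
import base64, zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
FMT = "urn:oasis:names:tc:SAML:2.0:nameid-format:"
PERSISTENT, TRANSIENT = FMT + "persistent", FMT + "transient"

def decode_saml(param, redirect=False):
    """Decode a captured SAMLRequest/SAMLResponse parameter (already URL-decoded)."""
    raw = base64.b64decode(param)
    if redirect:                      # HTTP-Redirect binding uses raw DEFLATE
        raw = zlib.decompress(raw, -15)
    if b"<!DOCTYPE" in raw:           # SAML messages carry no DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in SAML message")
    return ET.fromstring(raw)

def requested_format(authn_request):
    """Format the SP asked for in <samlp:NameIDPolicy>, or None if it named none."""
    policy = authn_request.find("samlp:NameIDPolicy", NS)
    return None if policy is None else policy.get("Format")

def issued_format(response):
    """Format of the NameID the IdP put in the assertion subject."""
    if response.find("saml:EncryptedAssertion", NS) is not None:
        return "encrypted"            # NameID not visible; check after SP decryption
    name_id = response.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    return None if name_id is None else name_id.get("Format")

def diagnose(request_param, response_param):
    asked = requested_format(decode_saml(request_param, redirect=True))
    got = issued_format(decode_saml(response_param))
    return {"requested": asked, "issued": got, "persistent": got == PERSISTENT}

# Constructed sample messages (unsigned, trimmed to the elements examined).
SAMPLE_REQ = ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_a1" Version="2.0">'
              '<samlp:NameIDPolicy AllowCreate="true"/></samlp:AuthnRequest>' % NS["samlp"])
SAMPLE_RESP = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0">'
               '<saml:Assertion ID="_x1" Version="2.0"><saml:Subject>'
               '<saml:NameID Format="%s">constructed-value</saml:NameID>'
               '</saml:Subject></saml:Assertion></samlp:Response>'
               % (NS["samlp"], NS["saml"], TRANSIENT))

def deflate_b64(xml):
    """Encode as the HTTP-Redirect binding does (raw DEFLATE, then base64)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()

if __name__ == "__main__":
    print(diagnose(deflate_b64(SAMPLE_REQ), base64.b64encode(SAMPLE_RESP.encode()).decode()))
```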

