Persistent NameID
Richard Frovarp
richard.frovarp at ndsu.edu
Wed Jul 27 11:13:37 EDT 2016
I'm trying to figure out how to generate a SAML 2 Persistent NameID.
This is against Shibboleth IdP 3.2.x. I've followed the instructions in
the wiki, and see that the service is connecting to the DB. The table is
correct. When I hit my test IdP from an SP (like Test Shib or Ubuntu
14.04 default SP config), it isn't returning a persistent id. It is
returning a transient id. My knowledge of SPs is absolutely minimal. Is
this something that the SP needs to request? Am I missing something?

idp.persistentId.sourceAttribute = eduPersonUniqueId
idp.persistentId.salt = somerandomsalt
idp.persistentId.generator = shibboleth.StoredPersistentIdGenerator
idp.persistentId.store = NDSUPersistentIdStore

<util:list id="shibboleth.SAML2NameIDGenerators">
    <ref bean="shibboleth.SAML2PersistentGenerator" />
</util:list>

<bean id="NDSUPersistentIdStore" parent="shibboleth.JDBCPersistentIdStore"
      p:dataSource-ref="shibboleth.JPAStorageService.DataSource"
      p:queryTimeout="PT2S"
      p:retryableErrors="#{{'23000'}}" />

shibboleth.JPAStorageService.DataSource is defined in global.xml, and is
being successfully used by the consent persistence.

Thanks,
Richard