Persistent NameID

Peter Schober peter.schober at univie.ac.at
Wed Jul 27 11:19:06 EDT 2016


* Richard Frovarp <richard.frovarp at ndsu.edu> [2016-07-27 17:14]:
> I'm trying to figure out how to generate a SAML 2 Persistent NameID. This is
> against Shibboleth IdP 3.2.x. I've followed the instructions in the wiki,
> and see that the service is connecting to the DB. The table is correct. When
> I hit my test IdP from an SP (like Test Shib or Ubuntu 14.04 default SP
> config), it isn't returning a persistent id. It is returning a transient id.
> My knowledge of SPs is absolutely minimal. Is this something that the SP
> needs to request? Am I missing something?

The SP can request it in the SAML authentication request, the SP's
SAML Metadata can also list it (first) in the NameIDFormat elements.
If you control the metadata of the SP in your IDP (e.g. in a local
file) the latter is the simplest way to test.
-peter


More information about the users mailing list