Learning - sending transient nameId
Cantor, Scott
cantor.2 at osu.edu
Thu Aug 16 16:44:52 EDT 2018
On 8/16/18, 4:17 PM, "users on behalf of Norman Bodnar" <users-bounces at shibboleth.net on behalf of bodnarn at gmail.com> wrote:
> I want to send and see a transient nameId value (which I called "principal3") in my SAML response. I have to code this
> in as the default behaviors on this IdP have been tweaked long ago.
If you're trying to support the NameID Format defined in SAML by that name, you're wasting your time using a bunch of old pieces and parts that are ignored at runtime, and you are ignoring warnings in the log telling you that. The old TransientId definition in the resolver does nothing, and no attribute using it can be or needs to be released in a filter rule. It simply doesn't exist.
The IdP out of the box defaults to that Format of NameID and will simply send one with that Format any time it isn't told to do something else. So don't tell it to do something else using one of the documented Format selection methods and that's what you'll get.
-- Scott