SAML2StringNameID will be removed

sherrera sherrera at
Mon Dec 17 16:48:43 EST 2018

We are working on finishing up our upgrade to v3.4.1 and I am trying to work
through the warning messages in the logs. I've been reading the
documentation and reviewing questions posted by others but I still can't
seem to grasp this very well: 

WARN [DEPRECATED:118] - xsi:type
'{urn:mace:shibboleth:2.0:resolver}SAML2StringNameID', (file
[/opt/shibboleth-idp/conf/attribute-resolver.xml]): This will be removed in
the next major version of this software; replacement is via NameID
Generation Service configuration

The attribute-resolver entry it is complaining about is:

<AttributeDefinition xsi:type="Simple" id="bitEmail">
        <InputDataConnector ref="myLDAP" attributeNames="mail"/>
        <AttributeEncoder xsi:type="SAML2String"
name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" />
        <AttributeEncoder xsi:type="SAML2StringNameID"
nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" />

I've been researching NameID Generation service but it still escapes me. I
believe I need to uncomment the PersistentGenerator in saml-nameid.xml to
begin with. Then where I'm not sure is how to transition away from
xsi:type="SAML2StringNameID and tie that entry back to my "bitEmail". What
would an example entry look like for this?

Sent from:

More information about the users mailing list