ofaklintrafo ofa at
Fri Feb 23 03:37:06 EST 2018

I am trying to understand where I need to adjust the configuration on the IDP
and SP to release a nameid persistent identifier to a service provider.

The attribute resolver configuration file has a definition of a uid:

<AttributeDefinition xsi:type="Simple" id="uid" sourceAttributeID="uid">
        <Dependency ref="mySIS" />
        <AttributeEncoder xsi:type="SAML2String"
                name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid"
                encodeType="false" />
</AttributeDefinition>

I would like to release a persistent identifier to a service provider SP1
which is stable with respect to SP1, based on the value of the uid attribute
but hashed for privacy reasons.

From the documentation I think that this is the case described on this page:

So I have uncommented and adjusted the following lines in and also the SAML2PersistentGenerator in the

idp.persistentId.sourceAttribute = uid
idp.persistentId.useUnfilteredAttributes = true
idp.persistentId.algorithm = SHA
idp.persistentId.salt = changethistosomethingrandom
idp.persistentId.encoding = BASE32

But which attribute should I release to the service provider?

Currently I have the attributes for the SP1 service provider defined in the

What more is required to release the persistentId to the SP1? Is anything
required on the service provider side? Or in the metadata files?
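
The salted hash that the properties above configure, sketched as an added example that is not part of the original post and not Shibboleth's own code. It assumes the digest input is the SP entityID, "!", the source attribute value, "!" and the salt, and that "SHA" means SHA-1; the entityIDs, uid values and the 16-byte salt check are constructed for the illustration.

```python
import base64
import hashlib


def computed_persistent_id(sp_entity_id: str, source_value: str, salt: bytes,
                           encoding: str = "BASE32") -> str:
    """Derive a per-SP identifier from a source attribute value and a secret salt."""
    if not source_value:
        # An unresolved source attribute (e.g. uid) means no identifier at all.
        raise ValueError("source attribute has no value")
    if len(salt) < 16:
        # Check made by this example: a short salt is easy to brute-force.
        raise ValueError("salt shorter than 16 bytes")
    md = hashlib.sha1()  # assumption: "SHA" in the properties is SHA-1
    # Assumed input layout: entityID, "!", source value, "!", salt.
    for part in (sp_entity_id.encode(), b"!", source_value.encode(), b"!", salt):
        md.update(part)
    digest = md.digest()
    if encoding == "BASE32":
        return base64.b32encode(digest).decode("ascii")
    if encoding == "BASE64":
        return base64.b64encode(digest).decode("ascii")
    raise ValueError("unsupported encoding: " + encoding)


# Constructed sample values; only the salt string appears in the post.
SALT = b"changethistosomethingrandom"
SP1 = "https://sp1.example.org/shibboleth"
SP2 = "https://sp2.example.org/shibboleth"


def demo() -> dict:
    """Show the properties that matter for privacy and stability."""
    first = computed_persistent_id(SP1, "jdoe", SALT)
    return {
        "stable_for_sp1": first == computed_persistent_id(SP1, "jdoe", SALT),
        "differs_per_sp": first != computed_persistent_id(SP2, "jdoe", SALT),
        "differs_per_user": first != computed_persistent_id(SP1, "asmith", SALT),
        "depends_on_salt": first != computed_persistent_id(
            SP1, "jdoe", b"another-secret-salt-value"),
        "length": len(first),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because the SP's entityID is part of the hashed input, two SPs cannot correlate the same user by this value, and changing the salt changes every identifier already issued.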
