PersistentNameIDGenerationConfiguration
ofaklintrafo
ofa at klintra.fo
Fri Feb 23 03:37:06 EST 2018
I am trying to understand where I need to adjust the configuration on the IDP
and SP to release a nameid persistent identifier to a service provider.
The attribute resolver configuration file has a definition of a uid
attribute:
    <AttributeDefinition xsi:type="Simple" id="uid" sourceAttributeID="uid">
        <Dependency ref="mySIS" />
        <AttributeEncoder xsi:type="SAML2String"
            name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid"
            encodeType="false" />
    </AttributeDefinition>
I would like to release a persistent identifier to a service provider SP1
which is stable with respect to SP1, based on the value of the uid attribute
but hashed for privacy reasons.
From the documentation, I think that this is the case described on this page:
https://wiki.shibboleth.net/confluence/display/IDP30/PersistentNameIDGenerationConfiguration
So I have uncommented and adjusted the following lines in
saml-nameid.properties and also the SAML2PersistentGenerator in the
saml-nameid.xml:
    idp.persistentId.sourceAttribute = uid
    idp.persistentId.useUnfilteredAttributes = true
    idp.persistentId.algorithm = SHA
    idp.persistentId.salt = changethistosomethingrandom
    idp.persistentId.encoding = BASE32
But which attribute should I release to the service provider?
Currently I have the attributes for the SP1 service provider defined in the
attribute-filter.xml.
What more is required to release the persistentId to SP1? Is anything
required on the service provider side? Or in the metadata files?
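How a salted, per-SP hashed identifier of the kind described in the post can be derived, as an added example that is not part of the original post and is not Shibboleth's own code. It assumes the digest input is the SP entityID, "!", the source attribute value, "!" and the salt; the entity IDs, uid value, salt and the minimum salt length are constructed for illustration.

```python
import base64
import hashlib

MIN_SALT_BYTES = 16  # assumption for this example: refuse trivially short salts


def computed_persistent_id(sp_entity_id: str, source_value: str, salt: bytes,
                           algorithm: str = "sha1", encoding: str = "BASE32") -> str:
    """Derive an opaque identifier that is stable per (SP, user) pair.

    Assumed input layout: entityID + "!" + source value + "!" + salt.
    "sha1" is used because Java's "SHA" digest name refers to SHA-1.
    """
    if not sp_entity_id or not source_value:
        raise ValueError("SP entityID and source attribute value are required")
    if len(salt) < MIN_SALT_BYTES:
        raise ValueError("salt is too short to resist guessing")

    digest = hashlib.new(algorithm)
    digest.update(sp_entity_id.encode("utf-8"))
    digest.update(b"!")
    digest.update(source_value.encode("utf-8"))
    digest.update(b"!")
    digest.update(salt)
    raw = digest.digest()

    if encoding == "BASE32":
        return base64.b32encode(raw).decode("ascii")
    if encoding == "BASE64":
        return base64.b64encode(raw).decode("ascii")
    raise ValueError("unsupported encoding: " + encoding)


# Constructed sample values (not taken from the post).
SALT = b"constructed-example-salt-0123456789"
SP1 = "https://sp1.example.org/shibboleth"
SP2 = "https://sp2.example.org/shibboleth"

if __name__ == "__main__":
    # Same user, two SPs: the values differ, so the SPs cannot correlate the user.
    print("SP1:", computed_persistent_id(SP1, "jdoe", SALT))
    print("SP2:", computed_persistent_id(SP2, "jdoe", SALT))
    # Changing the salt changes every identifier already issued.
    print("SP1, new salt:", computed_persistent_id(SP1, "jdoe", SALT + b"x"))
```

Because the salt is the only secret input, anyone who learns it can recompute identifiers from known uid values, and rotating it invalidates every identifier already issued to an SP.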