idp 3.3.2, SP wants transient and persistent ID's

Robert Duncan Robert.Duncan at ncirl.ie
Fri Nov 2 09:16:53 EDT 2018


Hi,


A non-Shibboleth SP is requesting NameIDs like so:


<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>


but our IdP is only releasing transient.


"Note that unlike in V2, the transient or persistent identifiers produced by the new V3 generation service are not treated as attributes and are not release-controlled via an attribute filter <https://wiki.shibboleth.net/confluence/display/IDP30/AttributeFilterConfiguration> policy. Rather, transients are viewed as harmless (because they are merely one-time values) and persistent identifiers cannot be generated without configuring an appropriate source attribute or other properties."

I'm confident that we are producing persistent IDs, as I can query them in the database.

I tested with aacli; the result for the metadata above is no attributes. Should I be able to view persistent IDs as 'traditional' attributes with a clean install of 3.3.2?


Thanks,

Robert Duncan

National College of Ireland.
