Persistent NameID attribute does not appear to be released.

Mathis, Bradley bmathis at pima.edu
Wed Apr 8 15:37:15 EDT 2020 

FYI - Problem resolved.   The SP side application need the "username" on
their side mapped to the urn
 "urn:oid:0.9.2342.19200300.100.1.1" instead of the friendly name of "uid"

Thanks!

Brad Mathis
IT Systems Architect
Infrastructure Services - Applications
Pima Community College
520.206.4826
bmathis at pima.edu







On Wed, Apr 8, 2020 at 9:43 AM Mathis, Bradley <bmathis at pima.edu> wrote:

> Hi Steve,    Ah I see what you mean.. the subject of my email I realize
> wasn't a good description.  This is probably due to my lack of
> understanding.... I guess what I'm expecting to see is the Attribute
> "BeyondTrustUsername"  being released .... as that is what the SP is trying
> to MAP to username.   As you can see in the SAML trace "uid" is being
> released  if I try to have the SP map their username to "uid"... it doesn't
> recognize it .. I was thinking it didn't recognize "uid" since it wasn't a
> persistent nameid attribute .....which is why I created the
> "BeyondTrustUsername" attribute. .. which does not appear to be released.
>
> Thanks for your input  and patience with my explanations.  I'm fairly
> certain I'm confusing some with my incorrect use of terminology and making
> inaccurate assumptions.   I must be misunderstanding how the NameId format
> and release of attributes actually work.   Any other input is appreciated.
>
>
> Brad Mathis
> IT Systems Architect
> Infrastructure Services - Applications
> Pima Community College
> 520.206.4826
> bmathis at pima.edu
>
>
>
>
>
>
>
> On Wed, Apr 8, 2020 at 8:57 AM Mak, Steve <makst at upenn.edu> wrote:
>
>> It's right here:
>>
>>
>> <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameQualifier="
>> https://idp.pima.edu/idp/shibboleth" SPNameQualifier="
>> https://pima.beyondtrustcloud.com">trename01</saml2:NameID>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> For Consortium Member technical support, see
>> https://wiki.shibboleth.net/confluence/x/coFAAg
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200408/0dd8dad7/attachment.html>

More information about the users mailing list