Set NameID to Principal name
Abhishek Chouksey
abhishekchouksey10 at gmail.com
Fri Dec 4 11:32:17 UTC 2020
Hi,
I am new to Shibboleth and trying to perform IdP-initiated SSO.
My SP metadata file contains these attributes:
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
=> Does this mean that my SP is accepting email address as NameIDFormat?
And in my IdP attribute-resolver.xml:
    <!-- Name Identifier related attributes -->
    <resolver:AttributeDefinition id="transientId" xsi:type="ad:TransientId">
        <resolver:AttributeEncoder xsi:type="enc:SAML1StringNameIdentifier"
                                   nameFormat="urn:mace:shibboleth:1.0:nameIdentifier"/>
        <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID"
                                   nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
    </resolver:AttributeDefinition>
So when the request is made, in SAML-tracer I can see that the NameID is set
to some encoded string:
Issuer = https://<xyz>/idp/shibboleth
Subject = _8a6f5377a471fc24182dfa02ea194b43
NameID = _8a6f5377a471fc24182dfa02ea194b43
=> Is this due to Transient?
=> So how can I make my NameID field be set to my principal name, like
xyz at domain.com, because my SP is using NameID as the username during
access, I guess?