Set NameID to Principal name
rbon at uvic.ca
Tue Dec 8 16:41:01 UTC 2020
See these docs on nameid, https://wiki.shibboleth.net/confluence/display/IDP4/NameIDGenerationConfiguration
On Fri, 2020-12-04 at 17:02 +0530, Abhishek Chouksey wrote:
Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.
I am new to shibboleth and trying to perform IDP initiated SSO
My SP metadata file contain these attribute :
=>does it means that my SP is accepting email address as nameIDFormat?
and in my IDP attribute-resolver.xml :
<!--Name Identifier related attributes -->
<resolver:AttributeDefinition id="transientId" xsi:type="ad:TransientId">
<resolver:AttributeEncoder xsi:type="enc:SAML1StringNameIdentifier" nameFormat="urn:mace:shibboleth:1.0:nameIdentifier"/>
<resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID" nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
so when request is made in saml tracer I can see that nameID is set to some encoded string
Issuer = https://<xyz>/idp/shibboleth
Subject = _8a6f5377a471fc24182dfa02ea194b43
NameID = _8a6f5377a471fc24182dfa02ea194b43
=>IS this due to Transient?
=>So how can I make my nameID field to be set as my principal name like xyz at domain.com<mailto:xyz at domain.com> because my SP is using nameID as username during access I guess?
Development Services, University Systems
2507218831 | CLE 019 | rbon at uvic.ca<mailto:rbon at uvic.ca>
I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users