Set NameID to Principal name

Ray Bon rbon at uvic.ca
Tue Dec 8 16:41:01 UTC 2020


Abhishek,

See these docs on nameid, https://wiki.shibboleth.net/confluence/display/IDP4/NameIDGenerationConfiguration

Ray

On Fri, 2020-12-04 at 17:02 +0530, Abhishek Chouksey wrote:

Hi,
I am new to Shibboleth and am trying to perform IDP-initiated SSO.

My SP metadata file contains these attributes:
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>

=> Does it mean that my SP is accepting email address as nameIDFormat?

And in my IDP attribute-resolver.xml:

 <!--Name Identifier related attributes -->
    <resolver:AttributeDefinition id="transientId" xsi:type="ad:TransientId">
        <resolver:AttributeEncoder xsi:type="enc:SAML1StringNameIdentifier" nameFormat="urn:mace:shibboleth:1.0:nameIdentifier"/>
        <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID" nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
    </resolver:AttributeDefinition>

So when a request is made, in SAML tracer I can see that nameID is set to some encoded string:
Issuer                      = https://<xyz>/idp/shibboleth
Subject                     = _8a6f5377a471fc24182dfa02ea194b43
NameID                      = _8a6f5377a471fc24182dfa02ea194b43

=> Is this due to Transient?

=> So how can I make my nameID field be set to my principal name, like xyz at domain.com, because my SP is using nameID as the username during access, I guess?

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | rbon at uvic.ca

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.
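
A way to check the situation described in the question, as an added example that is not part of the original thread: a short Python script that compares the NameID Format released in an assertion with the NameIDFormat entries in the SP metadata. The metadata and assertion are constructed samples; the entityID is a placeholder and the Format attribute on the NameID is an assumption based on the encoder quoted in the post.

```python
# Added example, not from the thread. All XML here is constructed sample data.
# For XML from an untrusted party, parse with defusedxml instead of the stdlib.
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# entityID is a placeholder; the NameIDFormat values are those quoted in the post.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Format attribute is assumed from the SAML2StringNameID encoder in the post.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_8a6f5377a471fc24182dfa02ea194b43</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

def declared_formats(metadata_xml):
    """NameIDFormat values the SP lists in its SPSSODescriptor."""
    root = ET.fromstring(metadata_xml)
    nodes = root.findall(".//md:SPSSODescriptor/md:NameIDFormat", NS)
    return [n.text.strip() for n in nodes if n.text]

def released_nameid(assertion_xml):
    """(Format, value) of the Subject NameID; a missing Format means unspecified."""
    node = ET.fromstring(assertion_xml).find(".//saml:Subject/saml:NameID", NS)
    if node is None:
        return None, None
    return node.get("Format", UNSPECIFIED), (node.text or "").strip()

def check(metadata_xml, assertion_xml):
    declared = declared_formats(metadata_xml)
    fmt, value = released_nameid(assertion_xml)
    return {"declared": declared, "released_format": fmt, "value": value,
            "is_transient": fmt == TRANSIENT, "declared_by_sp": fmt in declared}

if __name__ == "__main__":
    print(check(SP_METADATA, ASSERTION))
```

A result with `is_transient` true and `declared_by_sp` false means the assertion carries a per-session opaque identifier in a format the SP metadata does not list, which an SP cannot map to a stable username.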