Configuring shibboleth SP NameID format persistent

Feinstein, Moses moses.feinstein at touro.edu
Tue Jun 16 17:50:15 UTC 2020


Can you provide me some pointers regarding how I can configure Shibboleth SP to specify the following during the authentication request to the IdP?

<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:persistent</NameIDFormat>

Currently, the authentication request looks like this (without any NameID format request):

<?xml version='1.0' encoding='UTF-8'?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://host.example.org:11443/Shibboleth.sso/SAML2/POST" Destination="https://idp.example.org:18443/idp/profile/SAML2/Redirect/SSO" ID="_aae5f0a556596fd956f028e0540c275b" IssueInstant="2020-06-16T17:47:21Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://host.example.org:11443/shibboleth</saml:Issuer>
  <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>





Moses Feinstein
Sr. Software / IAM Engineer, App Dev Dept
Touro College and University System
Phone: 646.565.600 x55344
Email: moses.feinstein at touro.edu
500 7th Avenue | New York, NY 10018
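
One way to confirm what the SP actually asks for after a configuration change, as an added example that is not part of the original message: the request above goes to the IdP's HTTP-Redirect endpoint, where it travels as a raw-DEFLATE, base64-encoded `SAMLRequest` query parameter. The function names, the trimmed sample request and the SAML 2.0 persistent URI in the second sample are assumptions of this example.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, quote

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

def decode_redirect_request(url):
    """Return the AuthnRequest bytes carried in a SAMLRequest query parameter."""
    params = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in params:
        raise ValueError("URL has no SAMLRequest parameter")
    deflated = base64.b64decode(params["SAMLRequest"][0], validate=True)
    # HTTP-Redirect binding uses raw DEFLATE without a zlib header: wbits=-15
    return zlib.decompress(deflated, -15)

def requested_nameid_format(url):
    """Return NameIDPolicy/@Format, or None if the SP did not ask for one."""
    root = ET.fromstring(decode_redirect_request(url))
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("decoded message is not a samlp:AuthnRequest")
    policy = root.find(f"{{{SAMLP}}}NameIDPolicy")
    return None if policy is None else policy.get("Format")

def build_redirect_url(destination, xml_bytes):
    """Sample helper: wrap XML the way the Redirect binding does (unsigned)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml_bytes) + comp.flush()
    encoded = quote(base64.b64encode(deflated).decode(), safe="")
    return destination + "?SAMLRequest=" + encoded

# Constructed samples: the posted request (trimmed) and a variant with Format set.
IDP = "https://idp.example.org:18443/idp/profile/SAML2/Redirect/SSO"
WITHOUT = (b'<samlp:AuthnRequest xmlns:samlp="' + SAMLP.encode() + b'" '
           b'ID="_aae5f0a556596fd956f028e0540c275b" Version="2.0">'
           b'<samlp:NameIDPolicy AllowCreate="1"/></samlp:AuthnRequest>')
WITH = WITHOUT.replace(b'AllowCreate="1"',
                       b'Format="' + PERSISTENT.encode() + b'" AllowCreate="1"')

if __name__ == "__main__":
    for label, xml in (("as posted", WITHOUT), ("with Format", WITH)):
        url = build_redirect_url(IDP, xml)
        print(label, "->", requested_nameid_format(url))
```

To check a live SP, pass `requested_nameid_format` the full redirect URL copied from the browser's network log.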


