Problem with urn:oasis:names:tc:SAML:2.0:nameid-format:persistent?

Nate Klingenstein ndk at
Sat Jan 9 20:36:21 UTC 2021


If you only have AD and you don't have a database available to you, you'll need to use the hash-based Computed ID solution, and if your salt is different from the old one, all the associations made with all SP's using persistent NameID's will break.  That's about all.

So, yes, just uncomment the persistent generation bean in saml-nameid.xml and configure the appropriate properties in, and clean up the old configuration in attribute-filter.xml and attribute-resolver.xml.

Best regards,

Signet, Inc.
The Art of Access ®

> so for the record.
> we have the IDP4 in a combination with a Microsoft AD LDAP. We want to use the AD users.
> So – when i understand  you right – i just configuration the
> saml-nameid*xml/properties File to create the SAML2PersistentGenerator for my IDP?

More information about the users mailing list