Problem with urn:oasis:names:tc:SAML:2.0:nameid-format:persistent?

Nate Klingenstein ndk at signet.id
Sat Jan 9 20:36:21 UTC 2021


Phil,

If you only have AD and you don't have a database available to you, you'll need to use the hash-based Computed ID solution, and if your salt is different from the old one, all the associations made with all SPs using persistent NameIDs will break.  That's about all.

So, yes, just uncomment the persistent generation bean in saml-nameid.xml and configure the appropriate properties in saml-nameid.properties, and clean up the old configuration in attribute-filter.xml and attribute-resolver.xml.

Best regards,
Nate.

--------
Signet, Inc.
The Art of Access ®

https://www.signet.id

> so for the record.
> 
> we have the IDP4 in a combination with a Microsoft AD LDAP. We want to use the AD users.
> 
> So – when I understand you right – I just configure the
> saml-nameid*xml/properties file to create the SAML2PersistentGenerator for my IDP?
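An added example (not from the thread, and not Shibboleth's own code) that models why the salt matters in the hash-based Computed ID approach Nate describes: the persistent NameID is a salted hash over the relying party's entityID and the user's source attribute, so it is stable for one user at one SP, differs per SP (pairwise), and changes completely when the salt changes. The byte layout `hash(relyingPartyId + "!" + sourceId + "!" + salt)` and the SHA-1/Base64 defaults are my understanding of the Shibboleth scheme and should be treated as assumptions; the entityIDs, usernames and salts below are constructed values.

```python
import base64
import hashlib

# Constructed, illustrative values. In a real IdP the salt comes from
# saml-nameid.properties (idp.persistentId.salt) and must be preserved
# across upgrades, because every SP association is derived from it.
SALT_OLD = b"old-idp-salt-at-least-16-bytes"
SALT_NEW = b"new-idp-salt-also-16-bytes-long"

SP_A = "https://sp-a.example.org/shibboleth"   # constructed entityID
SP_B = "https://sp-b.example.org/shibboleth"   # constructed entityID


def computed_persistent_id(relying_party_id: str, source_id: str, salt: bytes,
                           algorithm: str = "sha1", encoding: str = "base64") -> str:
    """Model of a salted, hash-based computed persistent NameID.

    Assumed layout: digest(relyingPartyId + "!" + sourceId + "!" + salt),
    encoded as Base64 (or Base32). The exact byte order is an assumption
    about the Shibboleth Computed ID scheme, not copied from its source.
    """
    digest = hashlib.new(algorithm)
    digest.update(relying_party_id.encode("utf-8"))
    digest.update(b"!")
    digest.update(source_id.encode("utf-8"))
    digest.update(b"!")
    digest.update(salt)
    raw = digest.digest()
    if encoding == "base32":
        return base64.b32encode(raw).decode("ascii")
    return base64.b64encode(raw).decode("ascii")


def is_stable(relying_party_id: str, source_id: str, salt: bytes) -> bool:
    """Same SP, same user, same salt: the generated ID never changes."""
    first = computed_persistent_id(relying_party_id, source_id, salt)
    second = computed_persistent_id(relying_party_id, source_id, salt)
    return first == second


def is_pairwise(source_id: str, salt: bytes) -> bool:
    """Same user at two different SPs gets two unrelated IDs, so SPs
    cannot correlate the user by comparing NameIDs."""
    return (computed_persistent_id(SP_A, source_id, salt)
            != computed_persistent_id(SP_B, source_id, salt))


def count_broken_associations(users, sps, old_salt: bytes, new_salt: bytes) -> int:
    """Pre-migration check: how many (user, SP) pairs would receive a
    different persistent ID after a salt change, i.e. how many existing
    SP-side accounts would no longer match."""
    broken = 0
    for user in users:
        for sp in sps:
            before = computed_persistent_id(sp, user, old_salt)
            after = computed_persistent_id(sp, user, new_salt)
            if before != after:
                broken += 1
    return broken


if __name__ == "__main__":
    # Constructed sample of source attribute values (e.g. AD sAMAccountName).
    users = ["phil", "alice", "bob"]
    sps = [SP_A, SP_B]
    print("phil @ SP_A, old salt:", computed_persistent_id(SP_A, "phil", SALT_OLD))
    print("phil @ SP_A, new salt:", computed_persistent_id(SP_A, "phil", SALT_NEW))
    print("phil @ SP_B, old salt:", computed_persistent_id(SP_B, "phil", SALT_OLD))
    print("associations broken by salt change:",
          count_broken_associations(users, sps, SALT_OLD, SALT_NEW), "of", len(users) * len(sps))
```

Running `count_broken_associations` with the old and new salt before switching the generator shows the blast radius Nate warns about: with a different salt, every existing (user, SP) pairing produces a new ID, so the SP-side accounts keyed on the old value stop matching.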


