RE: Problem with urn:oasis:names:tc:SAML:2.0:nameid-format:persistent?

philip.nemeth at pnem.at philip.nemeth at pnem.at
Sat Jan 9 20:56:11 UTC 2021


Nate,

thank you very much for your time.

Okay, I will try it on Monday.
And the fact that our application uses urn:oasis:names:tc:SAML:2.0:nameid-format:persistent should be no problem with this either?

From our documentation:

„……….. where LDAP is used as authentication backend and the user principal name gets embedded in the NameID tag of the assertion. This example includes attribute encoders which entails that the name identification gets sent the NameID tag of the response and additionally in an attribute with the name urn:oid:1.2.840.113556.1.4.656.“

Greetings,
Phil


From: Nate Klingenstein-5 [via Shibboleth] <ml+s1660669n7648286h81 at n2.nabble.com>
Sent: Saturday, 9 January 2021 21:37
To: philip.nemeth at pnem.at
Subject: RE: Problem with urn:oasis:names:tc:SAML:2.0:nameid-format:persistent?

Phil,

If you only have AD and you don't have a database available to you, you'll need to use the hash-based Computed ID solution, and if your salt is different from the old one, all the associations made with all SP's using persistent NameID's will break.  That's about all.

So, yes, just uncomment the persistent generation bean in saml-nameid.xml and configure the appropriate properties in saml-nameid.properties, and clean up the old configuration in attribute-filter.xml and attribute-resolver.xml.

Best regards,
Nate.

--------
Signet, Inc.
The Art of Access ®

https://www.signet.id

> So, for the record.
>
> We have the IDP4 in combination with a Microsoft AD LDAP. We want to use the AD users.
>
> So – if I understand you right – I just configure the
> saml-nameid*xml/properties file to create the SAML2PersistentGenerator for my IDP?
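
Added illustration, not part of either message and not Shibboleth's own code: a sketch of why a hash-based computed ID ties every persistent NameID to the salt, so that a changed salt breaks all existing SP associations. It assumes the commonly described construction (SHA-1 over SP entityID, "!", source attribute value, "!", salt, then Base64 or Base32); the function names, entityIDs, user values and salts are constructed, and the exact byte layout should be verified against a value your own IdP has actually issued.

```python
import base64
import hashlib


def computed_id(sp_entity_id, source_value, salt, encoding="BASE64"):
    """Assumed layout: SHA-1(entityID + '!' + source value + '!' + salt)."""
    md = hashlib.sha1()
    md.update(sp_entity_id.encode("utf-8"))
    md.update(b"!")
    md.update(source_value.encode("utf-8"))
    md.update(b"!")
    md.update(salt)
    digest = md.digest()
    if encoding == "BASE32":
        return base64.b32encode(digest).decode("ascii")
    return base64.b64encode(digest).decode("ascii")


def broken_associations(users, sps, old_salt, new_salt):
    """List (sp, user) pairs whose persistent NameID changes with the new salt."""
    return [
        (sp, user)
        for sp in sps
        for user in users
        if computed_id(sp, user, old_salt) != computed_id(sp, user, new_salt)
    ]


def matches_recorded(sp, user, salt, recorded_id, encoding="BASE64"):
    """Pre-cutover check: does the candidate config reproduce an ID the SP holds?"""
    return computed_id(sp, user, salt, encoding) == recorded_id


# Constructed sample data (hypothetical SPs, AD user principal names, salts).
SPS = ["https://sp1.example.org/shibboleth", "https://sp2.example.org/shibboleth"]
USERS = ["alice@ad.example.org", "bob@ad.example.org"]
OLD_SALT = b"old-salt-value-constructed-for-demo"
NEW_SALT = b"new-salt-value-constructed-for-demo"

if __name__ == "__main__":
    for sp, user in broken_associations(USERS, SPS, OLD_SALT, NEW_SALT):
        old, new = computed_id(sp, user, OLD_SALT), computed_id(sp, user, NEW_SALT)
        print(f"{user} @ {sp}: {old} -> {new}")
```

Before switching generators, recompute the ID for one known user and SP with the candidate salt, source attribute and encoding, and compare it with the value that SP already stores for that user.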
