AW: Problem with urn:oasis:names:tc:SAML:2.0:nameid-format:persistent?

philip.nemeth at philip.nemeth at
Sat Jan 9 20:56:11 UTC 2021


Thank you very much for your time.

Okay, I will try it on Monday.
And the fact that our application uses urn:oasis:names:tc:SAML:2.0:nameid-format:persistent should be no problem with this either?

From our Documentation:

„……….. where LDAP is used as authentication backend and the user principal name gets embedded in the NameID tag of the assertion. This example includes attribute encoders which entails that the name identification gets sent the NameID tag of the response and additionally in an attribute with the name urn:oid:1.2.840.113556.1.4.656.“


From: Nate Klingenstein-5 [via Shibboleth] <ml+s1660669n7648286h81 at>
Sent: Saturday, 9 January 2021 21:37
To: philip.nemeth at
Subject: RE: Problem with urn:oasis:names:tc:SAML:2.0:nameid-format:persistent?


If you only have AD and you don't have a database available to you, you'll need to use the hash-based Computed ID solution, and if your salt is different from the old one, all the associations made with all SP's using persistent NameID's will break.  That's about all.

So, yes, just uncomment the persistent generation bean in saml-nameid.xml and configure the appropriate properties in, and clean up the old configuration in attribute-filter.xml and attribute-resolver.xml.

Best regards,

Signet, Inc.
The Art of Access ®

> So, for the record:
> we have the IDP4 in combination with a Microsoft AD LDAP. We want to use the AD users.
> So, if I understand you right, I just configure the
> saml-nameid*xml/properties file to create the SAML2PersistentGenerator for my IDP?
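
Why a changed salt breaks every existing association, as an added example that is not part of the thread and is not the IdP's own code: a hash-based computed ID is a digest over the SP's entityID, the user's source attribute value and the salt, so any SP that stored the old value no longer recognises the user. The "!" separators, field order, SHA-1/base64 choice, salts, entityIDs and user names below are assumptions constructed for illustration.

```python
import base64
import hashlib


def computed_id(sp_entity_id: str, source_value: str, salt: bytes) -> str:
    """Salted digest over SP entityID, source attribute value and salt.

    Assumed layout for illustration: entityID "!" source "!" salt, SHA-1, base64.
    """
    h = hashlib.sha1()
    h.update(sp_entity_id.encode("utf-8"))
    h.update(b"!")
    h.update(source_value.encode("utf-8"))
    h.update(b"!")
    h.update(salt)
    return base64.b64encode(h.digest()).decode("ascii")


def broken_associations(known, salt):
    """known: (sp_entity_id, source_value, nameid_the_sp_has_on_file) tuples.

    Returns the (SP, user) pairs whose stored NameID the given salt
    would NOT reproduce, i.e. the accounts that would be orphaned.
    """
    return [(sp, user) for sp, user, on_file in known
            if computed_id(sp, user, salt) != on_file]


# Constructed sample data: two SPs, two users, IDs issued under the old salt.
OLD_SALT = b"constructed-old-salt-0123456789"
NEW_SALT = b"constructed-new-salt-9876543210"
SPS = ["https://sp1.example.org/shibboleth", "https://sp2.example.org/shibboleth"]
USERS = ["alice@example.org", "bob@example.org"]
KNOWN = [(sp, u, computed_id(sp, u, OLD_SALT)) for sp in SPS for u in USERS]

if __name__ == "__main__":
    # Pre-cutover check: the configured salt must reproduce IDs the SPs already hold.
    print("old salt, orphaned:", broken_associations(KNOWN, OLD_SALT))
    print("new salt, orphaned:", len(broken_associations(KNOWN, NEW_SALT)), "of", len(KNOWN))
```

Running the same comparison against one or two persistent NameIDs that an SP already has on file, before switching configurations, shows whether the salt and source attribute were carried over correctly.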
