custom nameid formats and metadata-driven config
Peter Schober
peter.schober at univie.ac.at
Thu Aug 4 07:16:25 UTC 2022
* Les LaCroix via users <users at shibboleth.net> [2022-08-04 08:09]:
> When I comment that out and put the following in the SP's metadata file,
> the aacli output no longer includes a saml2:Subject:
>
> <md:Extensions>
>   <mdattr:EntityAttributes>
>     <saml:Attribute Name="http://shibboleth.net/ns/profiles/nameIDFormatPrecedence"
>         NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>       <saml:AttributeValue>urn:oid:0.9.2342.19200300.100.1.1</saml:AttributeValue>
>     </saml:Attribute>
>   </mdattr:EntityAttributes>
> </md:Extensions>

Not an answer to your question but none of the above (metadata-driven
IDP configuration) is necessary to signal what NameID an SP should
receive: That's covered in plain old SAML 2.0 Metadata itself:

  <NameIDFormat>urn:oid:0.9.2342.19200300.100.1.1</NameIDFormat>

HTH,
-peter