Weird issue with SAML-NAMEID.xml

Melvin Lasky melvin.lasky at manhattan.edu
Fri Jun 3 17:38:37 UTC 2022 

Hey everyone,
	I’m trying to set up Shibboleth to send my ldap mail attribute as the NameID. I have done this numerous times in the past, (Duo, Google, etc). I am on Shib 4.2.1

I’m trying to do this for another service I have, and its just not picking it up. It's still setting it to that transient value instead of the email address.

This is what I see when I am looking at the SAML Tracer

<saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://ouridp.manhattan.edu/idp/shibboleth" SPNameQualifier="https://newservice.manhattan.edu" >AAdzZWNyZXQxnM6TnkY/+ufCfBrZwVFdw6zBuL+LUuQ+d8PP2m15ucjEG2J0ehNdxu4agkdYgt6zJRaH6su8V3tDaPwOBYYVFjNGVO3+m9EAYBrZqfLsjnCLfXANppwVvc3iEeqQiH3s9qIM5FBtuB/notE=</saml2:NameID>

In my saml-nameid.xml

I have the following

       <bean parent="shibboleth.SAML2AttributeSourcedGenerator"
           p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
           p:attributeSourceIds="#{ {'mail'} }" >
           <property name="activationCondition" >
                <bean parent="shibboleth.Conditions.RelyingPartyId" c:candidate="https://newservice.manhattan.edu" />
           </property>
       </bean>

What am I doing wrong that it’s not picking up this one in particular but the rest work fine. For instance, the one I have above it is the Google entry and that works no problem.

I made sure it wasn’t in a commented section of code LOL. 

Also, it’s entityID is: spEntityId: https://newservice.manhattan.edu

Any suggestions on whats going wrong here and why my IDP is not sending back the correct NameID? Like I said, I’m really at a loss here.

Everything looks completely correct on my side.

Thanks for any assistance you may be able to offer.


Melvin Lasky
Associate Director of Enterprise Architecture





Riverdale, NY 10471
Phone: 718-862-7410
melvin.lasky at manhattan.edu
www.manhattan.edu


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220603/771246d5/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1.jpeg
Type: image/jpeg
Size: 3547 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20220603/771246d5/attachment.jpeg>

More information about the users mailing list