Storing persistentId using an HTTP DataConnector

Nate Klingenstein ndk at signet.id
Tue Nov 8 17:12:11 UTC 2022


SPF,

You probably want to leave the default as transient, because that is what will apply for service providers that have nothing in particular specified for them.

For this scenario, you could add the preferred format to their metadata, which is probably the best way, they could add it to their AuthnRequests, or you can explicitly put in a relying party definition.  It'll follow the selection pattern described in the documentation.

        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>

Let me know if you need any more specific assistance,
Nate

--------
Signet, Inc.
The Art of Access ®

https://www.signet.id
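As an added check, not code from Nate's message or from the Shibboleth project: a small Python script that reads the NameIDFormat elements an SP declares in its metadata and the Format attribute of the NameID actually issued in a SAML Response, so you can confirm from the artifacts themselves which format the IdP settled on (and detect the "no Subject at all" case from the original question). It uses only the standard library; the entity IDs, XML samples and NameID value are constructed for illustration.

```python
"""Compare the NameID format an SP declares with the one an IdP actually issued.

Added example for this thread, not Shibboleth project code. Standard library only.
All XML below is constructed sample data.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed SP metadata: persistent listed first, transient second.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def _response(subject_xml: str) -> str:
    """Build a constructed minimal SAML Response around the given Subject markup."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">{subject_xml}</saml:Assertion>
</samlp:Response>"""


# Expected outcome: a persistent NameID, scoped to IdP and SP entity IDs.
RESPONSE_PERSISTENT = _response(
    '<saml:Subject><saml:NameID Format="' + PERSISTENT + '"'
    ' NameQualifier="https://idp.example.org/idp/shibboleth"'
    ' SPNameQualifier="https://sp.example.org/shibboleth">c3c2b8a1d0e5f7a9</saml:NameID></saml:Subject>'
)
# What the default configuration yields: a transient identifier.
RESPONSE_TRANSIENT = _response(
    '<saml:Subject><saml:NameID Format="' + TRANSIENT + '">_tr4n51ent</saml:NameID></saml:Subject>'
)
# The symptom described in the thread: no Subject emitted at all.
RESPONSE_NO_SUBJECT = _response("")


def declared_nameid_formats(metadata_xml: str) -> List[str]:
    """Return the NameIDFormat values from the SP's SPSSODescriptor, in document order."""
    root = ET.fromstring(metadata_xml)
    return [el.text.strip() for el in root.findall("md:SPSSODescriptor/md:NameIDFormat", NS) if el.text]


def issued_nameid(response_xml: str) -> Optional[Tuple[str, str]]:
    """Return (Format, value) of the assertion's Subject NameID, or None if absent.

    A NameID without a Format attribute defaults to 'unspecified' per the SAML core spec.
    """
    root = ET.fromstring(response_xml)
    nameid = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if nameid is None:
        return None
    return nameid.get("Format", UNSPECIFIED), (nameid.text or "").strip()


def check_persistent(metadata_xml: str, response_xml: str) -> List[str]:
    """Return findings explaining why the response is not a usable persistent NameID.

    An empty list means: the SP declares persistent and the IdP issued a non-empty persistent NameID.
    """
    findings: List[str] = []
    if PERSISTENT not in declared_nameid_formats(metadata_xml):
        findings.append("SP metadata does not declare the persistent NameIDFormat")
    issued = issued_nameid(response_xml)
    if issued is None:
        findings.append("assertion has no Subject/NameID (no active generator produced a value)")
        return findings
    fmt, value = issued
    if fmt != PERSISTENT:
        findings.append(f"issued NameID format is {fmt}, not persistent")
    if not value:
        findings.append("NameID element is empty")
    return findings


if __name__ == "__main__":
    for label, resp in (("persistent", RESPONSE_PERSISTENT),
                        ("transient", RESPONSE_TRANSIENT),
                        ("no subject", RESPONSE_NO_SUBJECT)):
        print(label, "->", check_persistent(SP_METADATA, resp) or "OK")
```

Point `SP_METADATA` at a real SP's metadata and `RESPONSE_*` at a decoded Response captured from a browser SAML tracer to see which format was actually chosen; an empty findings list is the "expected result" from the thread, while a "no Subject/NameID" finding matches the symptom of having only the persistent generator active with no source attribute for it.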

-----Original message-----
From: spf via users
Sent: Tuesday, November 8 2022, 9:54 am
To: users at shibboleth.net
Cc: spfma.tech at e.mail.fr
Subject: Re: Storing persistentId using an HTTP DataConnector

Thank you and Nate.

In fact, I am just a bit dumb and/or blind: I have read these pages a couple of times, edited my saml-nameid.* files even more.

But if I am not able to spot "#idp.nameid.saml2.default = urn:oasis:names:tc:SAML:2.0:nameid-format:transient", what to do?

So with "idp.nameid.saml2.default = urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" I get the expected result!

Regards

On 08-Nov-2022 16:56:13 +0100, users at shibboleth.net wrote:

* spf via users <users at shibboleth.net> [2022-11-08 16:30]:
> The only thing I can't understand for now is how to have a persistent
> NameID in the SAML assertions. If the SAML2PersistentGenerator only
> is enabled, there is even no subject. But if SAML2TransientGenerator
> or both are enabled, I have a

In my conf/saml-nameid.xml within <util:list
id="shibboleth.SAML2NameIDGenerators"> I have multiple *Generator
elements, all "active" in the configuration and used when needed
(based on the NameID selection process Nate pointed you to):

<util:list id="shibboleth.SAML2NameIDGenerators">
<ref bean="shibboleth.SAML2TransientGenerator" />
<ref bean="shibboleth.SAML2PersistentGenerator" />
<bean parent="shibboleth.SAML2AttributeSourcedGenerator" ...
<bean parent="shibboleth.SAML2AttributeSourcedGenerator" ...
<bean parent="shibboleth.SAML2AttributeSourcedGenerator" ...
</util:list>

HTH,
-peter
-- 
For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
