AttributeDefinition xsi:type = SAML2NameID
Cantor, Scott
cantor.2 at osu.edu
Tue Oct 18 19:09:58 UTC 2022
We have not supported that feature for many releases and it may yet be removed. SPs do not want or support attributes with non-string values and you should avoid producing them. There are no modern formulations of eduPersonTargetedID and all of its broken, horrible variations that require that approach. Even when it's bad, it's not that bad.
> When I use the aacli command on many of our InCommon Federation
> member entityIDs that are getting our Default attribute payload, the
> saml2:Subject NameID Format seems to mostly be transient value.
That is not what this is. A NameID is a reserved element in the assertion that is not an Attribute, and is in the Subject. That AttributeEncoder produces SAML Attributes whose AttributeValue *contains* a NameID element inside it. That's a different thing.
It was a bad idea that never should have been proposed or implemented and it is done, dead, over. It was done primarily as a way to retrofit something from SAML 2.0 into SAML 1.1, and that's no longer a consideration.
-- Scott
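The distinction drawn in the reply above, as an added example that is not part of the original post or of the IdP's own code: a constructed assertion carrying both a Subject NameID and an Attribute whose AttributeValue wraps a NameID element, with a check that reports each separately. The function names, entity IDs and identifier values are assumptions made up for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not real IdP output); all values are placeholders.
SAMPLE = """\
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_constructed-transient-id</saml2:NameID>
  </saml2:Subject>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" FriendlyName="eduPersonTargetedID">
      <saml2:AttributeValue>
        <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                      NameQualifier="https://idp.example.org/idp"
                      SPNameQualifier="https://sp.example.org/sp">constructed-opaque-value</saml2:NameID>
      </saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail">
      <saml2:AttributeValue>user@example.org</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>
"""

def subject_name_id(assertion):
    """Return (Format, value) of the NameID in the Subject, or None if absent."""
    el = assertion.find("saml2:Subject/saml2:NameID", NS)
    return None if el is None else (el.get("Format"), (el.text or "").strip())

def attributes_with_element_values(assertion):
    """Return (attribute name, child tag) for Attributes whose value is not a plain string."""
    flagged = []
    for attr in assertion.iterfind("saml2:AttributeStatement/saml2:Attribute", NS):
        for value in attr.iterfind("saml2:AttributeValue", NS):
            if len(value):  # a child element means the value is structured XML
                child = value[0].tag.split("}")[-1]
                flagged.append((attr.get("FriendlyName") or attr.get("Name"), child))
                break
    return flagged

def inspect(xml_text):
    # Parse once and report the Subject NameID and any non-string attributes separately.
    root = ET.fromstring(xml_text)
    return subject_name_id(root), attributes_with_element_values(root)
```

Running `inspect` over a decoded assertion shows whether a release policy is still emitting the element-valued attribute form alongside the Subject NameID.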