AttributeDefinition xsi:type = SAML2NameID

Cantor, Scott cantor.2 at
Tue Oct 18 19:09:58 UTC 2022

We have not supported that feature for many releases and it may yet be removed. SPs do not want or support attributes with non-string values and you should avoid producing them. There are no modern formulations of eduPersonTargetedID and all of its broken, horrible variations that require that approach. Even when it's bad, it's not that bad.

> When I use the aacli command on many of our InCommon Federation
> member entityIDs that are getting our Default attribute payload, the
> saml2:Subject NameID Format seems to mostly be transient value.

That is not what this is. A NameID is a reserved element in the assertion that is not an Attribute, and is in the Subject. That AttributeEncoder produces SAML Attributes whose AttributeValue *contains* a NameID element inside it. That's a different thing.

It was a bad idea that never should have been proposed or implemented and it is done, dead, over. It was done primarily as a way to retrofit something from SAML 2.0 into SAML 1.1, and that's no longer a consideration.

-- Scott
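
The distinction drawn in the message above, as an added example that is not part of the original post and not Shibboleth's own code: a small audit that reads a SAML 2.0 assertion, reports the Subject NameID Format, and separately flags any Attribute whose AttributeValue wraps child elements instead of a string. The sample assertion, its identifiers, and the function name `audit_assertion` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
NAMEID = "{urn:oasis:names:tc:SAML:2.0:assertion}NameID"

# Constructed sample (not real aacli output): a transient Subject NameID,
# one string-valued Attribute, and one Attribute whose value wraps a NameID.
SAMPLE = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">constructed-transient-id</saml2:NameID>
  </saml2:Subject>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail">
      <saml2:AttributeValue>user@example.org</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" FriendlyName="eduPersonTargetedID">
      <saml2:AttributeValue>
        <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                      NameQualifier="https://idp.example.org/idp"
                      SPNameQualifier="https://sp.example.org/sp">constructed-opaque-id</saml2:NameID>
      </saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""


def audit_assertion(xml_text):
    """Return (subject_nameid_format, [(attribute_name, [child_tags]), ...])."""
    root = ET.fromstring(xml_text)
    # The reserved NameID lives in the Subject; it is not an Attribute.
    subj = root.find(".//saml2:Subject/saml2:NameID", NS)
    subject_format = subj.get("Format") if subj is not None else None
    # Separately, flag Attributes whose AttributeValue contains elements
    # (for example a nested NameID) rather than a plain string.
    nonstring = []
    for attr in root.iterfind(".//saml2:Attribute", NS):
        for value in attr.iterfind("saml2:AttributeValue", NS):
            children = [child.tag for child in value]
            if children:
                label = attr.get("FriendlyName") or attr.get("Name")
                nonstring.append((label, children))
    return subject_format, nonstring


if __name__ == "__main__":
    fmt, flagged = audit_assertion(SAMPLE)
    print("Subject NameID Format:", fmt)
    for name, tags in flagged:
        print("Non-string AttributeValue in", name, "->", tags)
```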
