Crypto Transient ID Attribute Definition
Available in IdP 2.3 and later, this attribute definition produces a cryptographically verifiable opaque identifier that can later be mapped back to the user by a CryptoTransient principal connector. Using cryptographic transient identifiers allows multiple IdP nodes that share a symmetric key to produce and consume identifiers without sharing state. This is part of a stateless clustering solution.
...
A crypto transient ID attribute definition starts with the same <resolver:AttributeDefinition> element as all other attribute definitions and has a type attribute of xsi:type="ad:CryptoTransientId". Each definition must also have an id attribute that assigns it a unique identifier (i.e., unique among all attribute definitions) used to refer to the definition within the rest of the attribute resolver configuration.
The <resolver:AttributeDefinition> element must also contain a dataSealerRef attribute that identifies a DataSealer Spring-configured bean. It may also contain a lifetime attribute controlling the length of time the identifier will be valid. This time limit is also encrypted into the value.
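The stateless property described above, as an added example that is not the IdP's own code and does not reproduce the DataSealer's actual output format: one node seals the principal name and expiry under a shared AES-GCM key, and a second node recovers the principal and enforces the lifetime without any shared store. The class name, the principal "jdoe", the key and the 4-hour lifetime are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

// Illustrative sketch only: NOT the IdP DataSealer wire format.
public class SealedTransientIdDemo {
    private static final SecureRandom RNG = new SecureRandom();

    // Issuing node: encrypt expiry + principal under the shared key.
    static String seal(SecretKey key, String principal, long expiresAtMillis) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv); // fresh nonce per identifier
        byte[] name = principal.getBytes(StandardCharsets.UTF_8);
        byte[] plain = ByteBuffer.allocate(Long.BYTES + name.length)
                .putLong(expiresAtMillis).put(name).array();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Consuming node: authenticate, decrypt, then enforce the sealed lifetime.
    static String unseal(SecretKey key, String id, long nowMillis) throws Exception {
        byte[] raw = Base64.getUrlDecoder().decode(id);
        if (raw.length < 12 + 16 + Long.BYTES) throw new SecurityException("identifier too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, raw, 0, 12));
        // doFinal throws AEADBadTagException if the value was altered or the key differs
        ByteBuffer plain = ByteBuffer.wrap(c.doFinal(raw, 12, raw.length - 12));
        if (nowMillis >= plain.getLong()) throw new SecurityException("identifier expired");
        return StandardCharsets.UTF_8.decode(plain).toString();
    }

    public static void main(String[] args) throws Exception {
        byte[] k = new byte[32];
        RNG.nextBytes(k); // constructed key; in a cluster every node loads the same one
        SecretKey shared = new SecretKeySpec(k, "AES");
        long now = System.currentTimeMillis();
        String id = seal(shared, "jdoe", now + 4 * 3_600_000L);
        System.out.println("opaque id:      " + id);
        System.out.println("second node:    " + unseal(shared, id, now + 60_000L));
        try { unseal(shared, id, now + 5 * 3_600_000L); }
        catch (SecurityException e) { System.out.println("after lifetime: " + e.getMessage()); }
    }
}
```

Because the expiry sits inside the authenticated ciphertext, a holder of the identifier cannot read or extend it, and anyone who obtains the shared key can mint identifiers for any principal.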
...