Current File(s): conf/saml-nameid.xml, conf/saml-nameid.properties
Format: Native Spring

Overview

Generation of SAML NameIdentifier/NameID content is handled by the NameIdentifierGeneration service. See the NameIdentifiers topic for a general discussion of name identifiers and a list of specific examples.

...

The default configuration also demonstrates how to generate a custom identifier using an arbitrary Format based on an attribute from the attribute resolution process. This plugin also has the capability of selecting the first value present from a list of possible source attributes.

Tip

In summary:

  • Support for "transient" identifiers is automatic.

  • If you want "persistent" / pair-wise support, see below.

  • If you want custom values, see below.

If you're getting unexpected results, approach the debugging from the perspective of the algorithm: identify which Formats should be getting tried (as indicated by the log), and examine each generator in order to see if it would be expected to produce a given Format.
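
The debugging approach described above, as an added example: a simplified Python model, not Shibboleth code or the project's own. It takes the Formats the log shows being tried, walks an ordered generator list, and records which generator produced a value or why none did. The generator labels, the attribute IDs `mail` and `alternateMail`, and the rule that the first non-empty result ends the search are assumptions of this model.

```python
# Added illustration: a simplified model of the lookup, not Shibboleth code.
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
DEFAULT_FORMAT = TRANSIENT  # shipped value of idp.nameid.saml2.default


def transient(_attrs):
    # Stand-in for the transient generator: it can always produce a value.
    return "opaque-transient-placeholder"


def attribute_sourced(*source_ids):
    # Custom generator: the first source attribute with a value wins.
    def generate(attrs):
        for source_id in source_ids:
            values = attrs.get(source_id) or []
            if values:
                return values[0]
        return None
    return generate


# Constructed generator list in configured order: (label, Format, callable).
GENERATORS = [
    ("transient", TRANSIENT, transient),
    ("mail-sourced", EMAIL, attribute_sourced("mail", "alternateMail")),
]


def trace(formats_to_try, generators, attrs):
    """Return (format, label, value, steps) for the first generator that succeeds."""
    steps = []
    for fmt in formats_to_try or [DEFAULT_FORMAT]:
        candidates = [g for g in generators if g[1] == fmt]
        if not candidates:
            steps.append(f"{fmt}: no generator configured")
        for label, _, generate in candidates:
            value = generate(attrs)
            if value is not None:
                steps.append(f"{fmt}: {label} produced a value")
                return fmt, label, value, steps
            steps.append(f"{fmt}: {label} produced nothing")
    return None, None, None, steps


if __name__ == "__main__":
    # Constructed case: email is tried first, but the subject has no mail value.
    fmt, label, _, steps = trace([EMAIL, TRANSIENT], GENERATORS, {"mail": []})
    print("\n".join(steps))
    print("issued Format:", fmt, "via", label)
```
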

...

See the CustomNameIDGenerationConfiguration subtopic for detailed help with this feature.

Reference

Properties

Properties defined in saml-nameid.properties to customize various aspects of default identifier generation behavior:

| Property | Type | Default | Function |
|---|---|---|---|
| idp.transientId.generator | Bean ID of a TransientIdGenerationStrategy | shibboleth.CryptoTransientIdGenerator | Identifies the strategy plugin for generating transient IDs |
| idp.nameid.saml2.default | URI | urn:oasis:names:tc:SAML:2.0:nameid-format:transient | Default Format to generate if nothing else is indicated |
| idp.nameid.saml1.default | URI | urn:mace:shibboleth:1.0:nameIdentifier | Default Format to generate if nothing else is indicated |

Beans

Beans defined in saml-nameid.xml and related system configuration discussed above follow:

| Bean ID | Type | Function |
|---|---|---|
| shibboleth.SAML2NameIDGenerators | List<SAML2NameIDGenerator> | SAML 2 NameID generator plugins to use |
| shibboleth.SAML1NameIdentifierGenerators | List<SAML1NameIdentifierGenerator> | SAML 1 NameIdentifier generator plugins to use |
| shibboleth.SAML2TransientGenerator | TransientSAML2NameIDGenerator | Plugins for generating transient identifiers using pluggable strategies |
| shibboleth.SAML1TransientGenerator | TransientSAML1NameIdentifierGenerator | Plugins for generating transient identifiers using pluggable strategies |
| shibboleth.StoredTransientIdGenerator | TransientIdGenerationStrategy | Strategy plugin that generates transient identifiers randomly and stores them in a server-side StorageService |
| shibboleth.CryptoTransientIdGenerator | TransientIdGenerationStrategy | Strategy plugin that generates transient identifiers by encrypting a subject identity into a long opaque string |