...
The attribute value is therefore opaque and unique per user, per relying party, suitable for use as a SAML "persistent" NameID or "pairwise-id" Subject Attribute and OpenID “sub” claim.
In advanced scenarios, the input to the hash can vary from the requester's identity to a different value that may be associated with the requester, allowing for multiple requesters to receive the same value. This is all "internal" to the system and is not part of the configuration of the connector, it simply does the right thing in these cases.
Reference
Localtabgroupexpand |
---|
Localtab live |
---|
title | Specific XML Attributes |
---|
|
Name | Type | Req? | Default | Description |
---|
generatedAttributeID | string | | ID of the connector | The id of the IdPAttribute that is produced | salt | OR encodedSalt saltLookupStrategyRef 4.3
| string | Y | A salt, of at least 16 bytes, used in the computation. Must be directly provided or in a base64-encoded form, but one must be set. The encoded option allows for binary characters, whitespace, or other difficult to capture content in the salt | One of thse attributes must be supplied to act as a source of salt values for the computation. Only one of salt or encodedSalt may be set, and provide for a global/default value to use. At least 16 bytes is required, and the encoded variant allows binary or whitespace to be used via base64 encoding. The saltLookupStrategyRef attribute may reference a bean of type BiFunction<ProfileRequestContext,PairwiseId> that may be used to derive a salt value dynamically. These settings may be combined to allow a dynamic salt to override a global default, and if the strategy returns a null, then generation is blocked. The exceptionMapRef feature overrides both. | encoding
| string | | BASE64 | Controls the eventual text encoding of the value, this should be set to "BASE32" for new deployments (see the warning box about case sensitivity under PersistentNameIDGenerationConfiguration) | algorithm | string | | SHA | Controls the digest algorithm applied | exceptionMapRef | Bean ID | |
| References a Spring bean defining a map of exception overrides for altering salt or suppressing generation of IDs for users and services. See the "Sparse Overrides" section in the PersistentNameIDGenerationConfiguration topic. |
localtab-live |
Expand |
---|
title | Common XML Attributes |
---|
|
Include Page |
---|
| DataConnectorCommonAttributes |
---|
| DataConnectorCommonAttributes |
---|
| localtab-live
|
Expand |
---|
|
Include Page |
---|
| DataConnectorCommonChildElements |
---|
| DataConnectorCommonChildElements |
---|
|
|
...