Comment: Migrated to Confluence 5.3

...

  1. Create an attribute definition to use as the basis of the identifier. This can be done directly on top of a raw source attribute or a higher-level attribute definition. The IdPAddAttribute topic includes information on this step.
  2. Attach SAML 1 Name Identifier and/or SAML 2 NameID attribute encoders to the attribute definition.
Custom Name Identifier Attribute Definition

<resolver:AttributeDefinition id="customId" xsi:type="Simple" sourceAttributeID="uid"
                              xmlns="urn:mace:shibboleth:2.0:resolver:ad">

    <resolver:Dependency ref="DEFINITION_ID_1" />

    <resolver:AttributeEncoder xsi:type="SAML1StringNameIdentifier"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />

    <resolver:AttributeEncoder xsi:type="SAML2StringNameID"
                               xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />

</resolver:AttributeDefinition>

...

Finally, define an attribute filter policy that releases the internal attribute to the intended relying parties.

Attribute Filter Policy Releasing the Custom ID to a Specific Relying Party

<AttributeFilterPolicy id="releaseCustomIdToPartner">

    <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://sp.example.org/shibboleth" />

    <AttributeRule attributeID="customId">
        <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>

</AttributeFilterPolicy>
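
A consistency check for the procedure above, written for this page as an added example (it is not Shibboleth project code): it finds every attribute definition that carries a NameID encoder and reports whether the filter policy releases it to nobody or to every relying party. The wrapper elements, the `legacyId` definition and the `releaseToAll` policy are constructed assumptions used as sample input.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
NAMEID_ENCODERS = {"SAML1StringNameIdentifier", "SAML2StringNameID"}
# Constructed input modelled on the page's fragments; the wrapper elements,
# "legacyId" and the "releaseToAll" policy are assumptions for illustration.
RESOLVER = """<r:AttributeResolver xmlns:r="urn:mace:shibboleth:2.0:resolver"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <r:AttributeDefinition id="customId" xsi:type="Simple" sourceAttributeID="uid">
    <r:AttributeEncoder xsi:type="SAML2StringNameID" /></r:AttributeDefinition>
  <r:AttributeDefinition id="legacyId" xsi:type="Simple" sourceAttributeID="uid">
    <r:AttributeEncoder xsi:type="SAML1StringNameIdentifier" /></r:AttributeDefinition>
</r:AttributeResolver>"""
FILTER = """<AttributeFilterPolicyGroup xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeFilterPolicy id="releaseCustomIdToPartner">
    <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://sp.example.org/shibboleth" />
    <AttributeRule attributeID="customId"><PermitValueRule xsi:type="basic:ANY" /></AttributeRule>
  </AttributeFilterPolicy>
  <AttributeFilterPolicy id="releaseToAll">
    <PolicyRequirementRule xsi:type="basic:ANY" />
    <AttributeRule attributeID="legacyId"><PermitValueRule xsi:type="basic:ANY" /></AttributeRule>
  </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>"""

def local(name):  # drop a {namespace} or a QName prefix such as "basic:"
    return name.rsplit("}", 1)[-1].rsplit(":", 1)[-1]

def nameid_definitions(resolver_xml):  # IDs of definitions with a NameID encoder
    return [el.get("id") for el in ET.fromstring(resolver_xml).iter()
            if local(el.tag) == "AttributeDefinition"
            and any(local(c.get(XSI_TYPE, "")) in NAMEID_ENCODERS for c in el)]

def requesters(filter_xml, attr_id):  # "ANY" means every relying party
    found = []
    for pol in ET.fromstring(filter_xml).iter():
        req = next((c for c in pol if local(c.tag) == "PolicyRequirementRule"), None)
        ids = [c.get("attributeID") for c in pol if local(c.tag) == "AttributeRule"]
        if req is not None and attr_id in ids:
            found.append(req.get("value") or local(req.get(XSI_TYPE, "")))
    return found

def audit(resolver_xml, filter_xml):  # finding per NameID source; clean ones omitted
    findings = {}
    for attr in nameid_definitions(resolver_xml):
        to = requesters(filter_xml, attr)
        if not to or "ANY" in to:
            findings[attr] = ("released to every relying party" if to
                              else "no filter policy releases it")
    return findings
```

`audit(RESOLVER, FILTER)` leaves `customId` out of the result because it is released only to `https://sp.example.org/shibboleth`, and flags the constructed `legacyId`.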