...
The <resolver:AttributeDefinition> element must also contain a dataSealerRef attribute that identifies a DataSealer Spring-configured bean. It may also contain a lifetime attribute controlling the length of time the identifier will be valid. This time limit is encrypted into the value.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<resolver:AttributeDefinition id="cryptoTransientId" xsi:type="ad:CryptoTransientId"
xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad"
dataSealerRef="shibboleth.TransientIDDataSealer"
lifetime="PT3M">
<resolver:AttributeEncoder xsi:type="encoder:SAML1StringNameIdentifier"
xmlns:encoder="urn:mace:shibboleth:2.0:attribute:encoder"
nameFormat="urn:mace:shibboleth:1.0:nameIdentifier"/>
<resolver:AttributeEncoder xsi:type="encoder:SAML2StringNameID"
xmlns:encoder="urn:mace:shibboleth:2.0:attribute:encoder"
nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</resolver:AttributeDefinition>
|
...