...
The ComputedId DataConnector generates a single-valued IdPAttribute from the (usually SHA-1) digest of a requester's name (in SAML, an entityID), a source attribute value, and a salt. The salt must be kept secret to prevent off-line generation of the hashes to recover the underlying attribute value.
...
Specific XML Attributes

Name | Type | Req? | Default | Description |
---|---|---|---|---|
generatedAttributeID | string | | ID of the connector | The id of the IdPAttribute that is produced |
salt, encodedSalt, saltLookupStrategyRef | string | Y | | One of these attributes must be supplied to act as a source of salt values for the computation. Only one of salt or encodedSalt may be set; either provides a global/default value to use. At least 16 bytes are required, and the encoded variant allows binary or whitespace to be used via base64 encoding. The saltLookupStrategyRef attribute may reference a bean of type BiFunction<ProfileRequestContext,PairwiseId> that may be used to derive a salt value dynamically. These settings may be combined to allow a dynamic salt to override a global default, and if the strategy returns a null, then generation is blocked. The exceptionMapRef feature overrides both. |
encoding | string | | BASE64 | Controls the eventual text encoding of the value; this should be set to "BASE32" for new deployments (see the warning box about case sensitivity under PersistentNameIDGenerationConfiguration) |
algorithm | string | | SHA | Controls the digest algorithm applied |
exceptionMapRef | Bean ID | | | References a Spring bean defining a map of exception overrides for altering salt or suppressing generation of IDs for users and services. See the "Sparse Overrides" section in the PersistentNameIDGenerationConfiguration topic. |
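
The following sketch is an added example, not Shibboleth's own code: it models the computation described above (digest of requester name, source attribute value and salt) together with the salt and encoding rules from the table. The `!` field delimiter, the function names, the reading of the default "SHA" as SHA-1, and the sample entityIDs and salt are assumptions made for illustration; saltLookupStrategyRef and exceptionMapRef are not modelled.

```python
import base64
import hashlib

MIN_SALT_BYTES = 16  # minimum salt length stated in the table above


def resolve_salt(salt=None, encoded_salt=None):
    """Return raw salt bytes from either `salt` or base64 `encodedSalt`."""
    if (salt is None) == (encoded_salt is None):
        raise ValueError("set exactly one of salt / encodedSalt")
    if salt is not None:
        raw = salt.encode("utf-8")
    else:
        raw = base64.b64decode(encoded_salt, validate=True)
    if len(raw) < MIN_SALT_BYTES:
        raise ValueError("salt must be at least 16 bytes")
    return raw


def computed_id(requester, source_value, salt, algorithm="sha1", encoding="BASE32"):
    """Digest requester name, source attribute value and salt into one ID."""
    md = hashlib.new(algorithm)  # assumption: the default "SHA" means SHA-1
    # Assumed framing: '!' after each field, so that ("ab", "c") and
    # ("a", "bc") cannot collide. The delimiter is not given on the page.
    md.update(requester.encode("utf-8") + b"!")
    md.update(source_value.encode("utf-8") + b"!")
    md.update(salt)
    digest = md.digest()
    if encoding == "BASE32":
        return base64.b32encode(digest).decode("ascii")
    if encoding == "BASE64":
        return base64.b64encode(digest).decode("ascii")
    raise ValueError("encoding must be BASE32 or BASE64")


# Constructed sample values, not real deployment data.
SALT = resolve_salt(encoded_salt=base64.b64encode(bytes(range(32))).decode())
SP_A = "https://sp-a.example.org/shibboleth"
SP_B = "https://sp-b.example.org/shibboleth"

if __name__ == "__main__":
    for sp in (SP_A, SP_B):  # same user, different requester, different ID
        print(sp, computed_id(sp, "jdoe", SALT))
    # BASE32 has one case, so a lowercased copy still decodes to the digest.
    value = computed_id(SP_A, "jdoe", SALT)
    print(base64.b32decode(value.lower(), casefold=True) == base64.b32decode(value))
```

Because the value is a pure function of its inputs, changing the salt or the source attribute changes every ID already issued to every requester.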
...