Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The ComputedId DataConnector generates a single-valued IdPAttribute from the (usually SHA-1) digest of a requester's name (in SAML, an entityID), a source attribute value, and a salt that must be kept secret to prevent off-line generation of the hashes to recover the underlying attribute value.

...

Expand
titleSpecific XML Attributes

Name

Type

Req?

Default

Description

generatedAttributeID

string     

ID of the connector

The id of the IdPAttribute that is produced

salt
encodedSalt
saltLookupStrategyRef

string

Y

One of thse attributes must be supplied to act as a source of salt values for the computation. Only one of salt or encodedSalt may be set, and provide for a global/default value to use. At least 16 bytes is required, and the encoded variant allows binary or whitespace to be used via base64 encoding.

The saltLookupStrategyRef attribute may reference a bean of type BiFunction<ProfileRequestContext,PairwiseId> that may be used to derive a salt value dynamically.

These settings may be combined to allow a dynamic salt to override a global default, and if the strategy returns a null, then generation is blocked. The exceptionMapRef feature overrides both.

encoding

string

BASE64

Controls the eventual text encoding of the value, this should be set to "BASE32" for new deployments (see the warning box about case sensitivity under PersistentNameIDGenerationConfiguration)

algorithm

string

SHA

Controls the digest algorithm applied

exceptionMapRef

Bean ID


References a Spring bean defining a map of exception overrides for altering salt or suppressing generation of IDs for users and services. See the "Sparse Overrides" section in the PersistentNameIDGenerationConfiguration topic.

...