SAML2PersistentIDAttributeDefinition

The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.


Configuring a SAML 2 Persistent ID Attribute Definition

This plugin provides a very basic implementation of SAML 2.0 persistent identifiers. It creates each identifier by hashing the user's principal ID, the service provider ID, and a secret salt. The result is an opaque identifier that is unique to each principal/service provider pair.

Configuring the Definition

  1. Create a SAML2PersistentID element with its id attribute and the following attribute:

    • sourceName - the name of the attribute

  2. Create a Salt element, as a child of SAML2PersistentID, whose content is a secret of 16 or more characters. You may wish to place this value in a CDATA section so that characters in the secret do not interfere with XML processing.

Example Configuration

<SAML2PersistentID id="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" sourceName="guid">
    <DataConnectorDependency requires="directory"/>
    <Salt><![CDATA[f83(k4K*397ke.2d9vD8214+-]]></Salt>
</SAML2PersistentID>
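The following Python is an added example, not code from the Shibboleth plugin: it parses the configuration above (embedded as constructed input), enforces the 16-character salt minimum, and derives a pairwise identifier from principal, service provider ID and salt. The exact input layout (principal!sp!salt) and the choice of SHA-256 are assumptions for illustration, not the plugin's actual algorithm; only the inline Salt form is handled, not the keystore variant.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# The page's example configuration, embedded here as constructed test input.
EXAMPLE_CONFIG = """<SAML2PersistentID id="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" sourceName="guid">
    <DataConnectorDependency requires="directory"/>
    <Salt><![CDATA[f83(k4K*397ke.2d9vD8214+-]]></Salt>
</SAML2PersistentID>"""

MIN_SALT_CHARS = 16  # minimum the page requires for an inline Salt


def load_definition(xml_text: str) -> dict:
    """Parse a SAML2PersistentID element and return its id, sourceName and salt.

    Raises ValueError if the element is wrong or the inline salt is too short.
    The keystore form (Salt with keyStore* attributes and no content) is not
    handled by this illustration.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "SAML2PersistentID":
        raise ValueError(f"unexpected element: {root.tag}")
    salt_el = root.find("Salt")
    salt = (salt_el.text or "") if salt_el is not None else ""
    if len(salt) < MIN_SALT_CHARS:
        raise ValueError("Salt must contain at least 16 characters")
    return {"id": root.get("id"), "sourceName": root.get("sourceName"), "salt": salt}


def persistent_id(principal: str, sp_entity_id: str, salt: str) -> str:
    """Derive an opaque, pairwise identifier for (principal, service provider).

    Assumption: hashing 'principal!sp!salt' with SHA-256 and base64-encoding
    the digest is an illustrative model of the page's description, not the
    plugin's real computation. The secret salt is what keeps the value from
    being recomputed by anyone who merely knows principal and SP IDs.
    """
    material = f"{principal}!{sp_entity_id}!{salt}".encode("utf-8")
    digest = hashlib.sha256(material).digest()
    return base64.b64encode(digest).decode("ascii")


def pairwise_ids(principal: str, sp_ids: list, salt: str) -> dict:
    """Map each SP entity ID to the identifier that SP would receive."""
    return {sp: persistent_id(principal, sp, salt) for sp in sp_ids}
```

Calling pairwise_ids for one principal and several SPs shows that each SP receives a different value, which is what prevents SPs from correlating users through the identifier.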

Advanced Configuration

You may also use an existing secret key, stored in a Java keystore, as the salt. To do this, remove the content of the Salt element and add the following attributes to it:

  • keyStorePath - the full path to the Java keystore file

  • keyStorePassword - the password of the keystore

  • keyStoreKeyAlias - the alias/name of the secret key in the keystore

  • keyStoreKeyPassword - the password used to decrypt the secret key