Transient Principal Connector

The transient principal connector determines the principal associated with a name identifier by looking up the principal in the mapping established by the transient ID attribute definition. If the name identifier was not generated by this attribute definition, then the resolution of the principal name will fail.

Define the Connector

The connector is defined with the element <resolver:PrincipalConnector xsi:type="pc:Transient" xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"> with the following required attribute:

id - assigns a unique, within the resolver, identifier
nameIDFormat - the name identifier format handled by this principal connector

Transient Principal Connector Example

<resolver:PrincipalConnector id="SAML1_UNIQUE_ID" xsi:type="pc:Transient" 
                             nameIDFormat="urn:mace:shibboleth:1.0:nameIdentifier"/>

 
<resolver:PrincipalConnector id="SAML2_UNIQUE_ID" xsi:type="pc:Transient" 
                             nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />

Since SAML 1 and SAML 2 use two different names to refer to a transient identifier two principal connectors usually need to be defined. One with a name format of urn:mace:shibboleth:1.0:nameIdentifier and the other with a name format of urn:oasis:names:tc:SAML:2.0:nameid-format:transient

Browser not supported