The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

ResolverSAML2NameIDAttributeDefinition

SAML 2 NameID Attribute Definition

This attribute definition does not define a <NameID> for use in the <Subject> of the assertion.

This attribute definition creates an attribute whose values are SAML 2 NameIDs. This attribute definition always uses the SP's entity ID as the NameID SPNameQualifier.

1. Create the Definition

The definition is created with the element <resolver:AttributeDefinition xsi:type="SAML2NameID" xmlns="urn:mace:shibboleth:2.0:resolver:ad"> with the following required attribute:

  • id: A unique identifier used within the IdP's resolver and filter to reference this definition.

and the following optional attributes:

  • nameIdFormat: Becomes the Format attribute on the created SAML 2 <NameID> element. Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
  • nameIdQualifier: Becomes the NameQualifier attribute on the created SAML 2 <NameID> element. Defaults to the IdP's entity ID.
  • sourceAttributeID: The ID of the attribute, from the dependency connectors, used to construct this attribute. Defaults to the ID of this attribute.
  • dependencyOnly: A boolean flag that indicates the attribute produced by this definition is used only by other resolver components and should never be released from the resolver. Defaults to false.

SAML 2 NameID Attribute Definition
<resolver:AttributeDefinition xsi:type="SAML2NameID" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              id="UNIQUE_ID"
                              sourceAttributeID="ATTRIBUTE_ID">

     <!-- Remaining configuration from the next step goes here -->

</resolver:AttributeDefinition>

2. Define Dependencies

You must express, as a dependency, the attribute definition or data connector that produces the source attribute. Dependencies are declared using a <resolver:Dependency> element with a ref attribute whose value is the unique ID of the attribute definition or data connector being depended on.

SAML 2 NameID Attribute Definition with Dependencies
<resolver:AttributeDefinition xsi:type="SAML2NameID" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              id="UNIQUE_ID"
                              sourceAttributeID="ATTRIBUTE_ID">

     <resolver:Dependency ref="DEFINITION_ID_1" />

</resolver:AttributeDefinition>
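
The following is an added example, not part of the original documentation or the Shibboleth code base: a small Python audit that reads a resolver file and, for each SAML2NameID definition, reports the effective settings using the defaults listed in step 1 and flags a missing id, a missing <resolver:Dependency>, or an unset nameIdFormat. The namespace URI bound to the resolver: prefix, the sample file and the IdP entity ID are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: namespace URI bound to the "resolver:" prefix (not shown on the page).
RESOLVER_NS = "urn:mace:shibboleth:2.0:resolver"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample: nameIdA declares no Dependency, nameIdB is complete.
SAMPLE = """<resolver:AttributeResolver
    xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad">
  <resolver:AttributeDefinition xsi:type="ad:SAML2NameID" id="nameIdA"
      sourceAttributeID="uid"/>
  <resolver:AttributeDefinition xsi:type="ad:SAML2NameID" id="nameIdB"
      nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
    <resolver:Dependency ref="myConnector"/>
  </resolver:AttributeDefinition>
</resolver:AttributeResolver>"""

def audit(xml_text, idp_entity_id):
    """Return one report dict per SAML2NameID definition in a resolver file."""
    reports = []
    for el in ET.fromstring(xml_text).iter("{%s}AttributeDefinition" % RESOLVER_NS):
        # xsi:type is a QName; compare only the local part after any prefix.
        if el.get(XSI_TYPE, "").split(":")[-1] != "SAML2NameID":
            continue
        def_id = el.get("id")
        deps = [d.get("ref") for d in el.findall("{%s}Dependency" % RESOLVER_NS)]
        findings = []
        if not def_id:
            findings.append("missing required id")
        if not any(deps):
            findings.append("no Dependency declared for the source attribute")
        fmt = el.get("nameIdFormat")
        if fmt is None:
            findings.append("nameIdFormat not set; the 'unspecified' default applies")
        reports.append({
            "id": def_id,
            "nameIdFormat": fmt or UNSPECIFIED,
            "nameIdQualifier": el.get("nameIdQualifier", idp_entity_id),
            "sourceAttributeID": el.get("sourceAttributeID", def_id),
            "dependencyOnly": el.get("dependencyOnly", "false").strip() in ("true", "1"),
            "dependencies": deps,
            "findings": findings,
        })
    return reports

if __name__ == "__main__":
    print(audit(SAMPLE, "https://idp.example.org/idp/shibboleth"))
```
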