How to get SAML Response from Gluu acting as IDP with saml:Subject/saml:NameID value

By: Won Kim user 02 Mar 2017 at 2:50 p.m. CST

6 Responses
Won Kim gravatar
I am using SimpleSamlPhp on a drupal website to hit a gluu server acting as an IDP. I am getting an error on the Drupal site because the Gluu Server IDP is responding back with no saml:Subject/saml:NameID value. What do I need to do to configure the gluu server to respond back with the NameID in the saml:Subject tag.
U1404
closed

Answers

By William Lowe user 02 Mar 2017 at 2:53 p.m. CST

Copy
William Lowe gravatar
Won, It would be easier to use the [oxd plugin for Drupal](https://gluu.org/docs/oxd/plugin/drupal/). Thanks, Will

By Won Kim user 02 Mar 2017 at 4:54 p.m. CST

Copy
Won Kim gravatar
I can look into that...but if we had to use SAML is there a way to configure the response to contain the NameID in the saml:Subject?

By Aliaksandr Samuseu staff 03 Mar 2017 at 7:59 a.m. CST

Copy
Aliaksandr Samuseu gravatar
Hi, Won. The easiest way to make Gluu to send nameid is to add attribute `TransientId` to the list of released attributes in TR's settings. This will make it to release nameid of type `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`.

By Won Kim user 03 Mar 2017 at 12:24 p.m. CST

Copy
Won Kim gravatar
Ok setting the transientId in the TR and requesting in the AuthnRequest to be either transient or unspecified does return NameId in the Subject, but it is an obscure guid string. Is there any way to get either the username or email address in the NameId subject? Or is this the only way to populate the NameId?

By William Lowe user 03 Mar 2017 at 1:59 p.m. CST

Copy
William Lowe gravatar
Hi Won, Did you review this section of the docs?[https://gluu.org/docs/ce/3.0.1/admin-guide/saml/#custom-nameid](https://gluu.org/docs/ce/3.0.1/admin-guide/saml/#custom-nameid). Thanks, Will

By Michael Schwartz Account Admin 10 Mar 2017 at 4:26 p.m. CST

Copy
Michael Schwartz gravatar
This is a feature that was originally scheduled for 3.0, but got pushed out to 3.1. Stay tuned.... right now if you want to use a nameID other than transientID, you can do so by creating a custom template in the XML. But not through the GUI.

Post an answer