Use NameIDFormat - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

By: Neemesh Patel user 15 Apr 2016 at 4:16 a.m. CDT

3 Responses
Neemesh Patel gravatar
I've now managed to get the IdP to send a SAML assertion to the SP I'm using (IBM domino), my next problem is mapping the SP user account to the logged in IdP account. On the previous IdP system we were testing (simpleSAMLPHP), I needed to change the nameIDFormat to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress and include the common mail address in the SAML assertion (which is common between the IdP and the SP so they can be matched to one another). Could anyone shed any guidance on how I do this in Gluu so that the IdP sends the SP the mail address and the nameIDFormat urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress? A bit of background information in case it is needed:- - I am using "/idp/profile/SAML2/Unsolicited/SSO" single sign on service - At the moment I am using a user account to test with which I created from within Gluu itslef (so I believe that created the user directly in openDJ). Later I will be linking this to an external ldap server for pulling in users. Thanks again for all the support and patience whilst I am getting my head around this and learning Gluu/SSO!
None
closed

Answers

By Mohib Zico Account Admin 15 Apr 2016 at 4:24 a.m. CDT

Copy
Mohib Zico gravatar
Creating custom NameID with Gluu Server oxTrust ( the GUI ) is still not supported. We are planning to release a public doc which will show how to create custom NameID in Gluu Server. I think till then you can take a look at Shibboleth documentation on how to configure custom NameID in IDP.

By William Lowe user 15 Apr 2016 at 10:01 a.m. CDT

Copy
William Lowe gravatar
Hey Neemesh, [Here is the doc](https://wiki.shibboleth.net/confluence/display/SHIB2/IdPCustomNameIdentifier) that Zico was referring to. Thanks, Will

By Neemesh Patel user 18 Apr 2016 at 8:01 a.m. CDT

Copy
Neemesh Patel gravatar
Hi, Sorry for the late reply, I've only just had some time allocated to look into this. It looks like if I add anything to /opt/idp/conf/attribute-resolver.xml or attribute-resolver.xml in the same directory, it is lost after Gluu restarts. These are the two files I need to edit according to the shibboleth page linked. I am assuming this is because this file is rebuilt on a server start? Could you clarify how I should add in these configuration changes so they are persistent through reboots/restarts of services? Thanks

Post an answer