By: shikha Mishra user 01 Aug 2017 at 3:54 a.m. CDT

7 Responses
We are trying to integrate Gluu Server with ServiceNow, and ServiceNow is not able to get the NameID from the SAML response. How can I add the NameID format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress in Gluu IDP?

By Mohib Zico staff 01 Aug 2017 at 3:55 a.m. CDT

"How to create NameID" is available in our doc.

By shikha Mishra user 01 Aug 2017 at 5:17 a.m. CDT

I tried to follow https://gluu.org/docs/ce/3.0.1/integration/saas/dropbox/. Is there any other document?

By shikha Mishra user 01 Aug 2017 at 5:43 a.m. CDT

I modified /opt/gluu/jetty/identity/conf/shibboleth3/idp/attribute-resolver.xml.vm; however, this is not working. Please check the content below.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<resolver:AttributeResolver
    xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad"
    xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
    xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder"
    xmlns:sec="urn:mace:shibboleth:2.0:security"
    xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
                        urn:mace:shibboleth:2.0:resolver:ad http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-ad.xsd
                        urn:mace:shibboleth:2.0:resolver:dc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-dc.xsd
                        urn:mace:shibboleth:2.0:attribute:encoder http://shibboleth.net/schema/idp/shibboleth-attribute-encoder.xsd
                        urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd">
    <!-- xmlns:pc above is declared so that the pc:Transient xsi:type used by the
         PrincipalConnector below resolves; the original omitted it. -->

    <!-- ========================================== -->
    <!--              Attribute Definitions         -->
    <!-- ========================================== -->
#foreach( $attribute in $attrParams.attributes )
#if( ! ($attribute.name.equals('transientId') or $attribute.name.equals('persistentId') or $attribute.name.equals('mail')) )
#if( $attribute.name.equals('eppnForNIH') )
    <!-- NameID built from the mail attribute, emitted in emailAddress format -->
    <resolver:AttributeDefinition id="mail" xsi:type="ad:PrincipalName" xmlns="urn:mace:shibboleth:2.0:resolver:ad" sourceAttributeID="mail">
        <resolver:Dependency ref="siteLDAP" />
        <resolver:AttributeEncoder xsi:type="SAML2StringNameID" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" />
    </resolver:AttributeDefinition>

    <resolver:PrincipalConnector xsi:type="pc:Transient" id="saml2Transient"
                                 nameIDFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" />

    <resolver:AttributeDefinition id="eduPersonPrincipalName" xsi:type="ad:Scoped" scope="%{idp.scope}" sourceAttributeID="uid">
        <resolver:Dependency ref="siteLDAP" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
                                   friendlyName="eduPersonPrincipalName" encodeType="false" />
    </resolver:AttributeDefinition>
## Velocity needs the "#else" directive here; a bare "else" is copied into the output as text
## and the generic definition below is then emitted inside the eppnForNIH branch.
#else
    <resolver:AttributeDefinition xsi:type="ad:Simple" id="$attribute.name" sourceAttributeID="$attribute.name">
        <resolver:Dependency ref="siteLDAP" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="$attrParams.attributeSAML2Strings.get($attribute.name)"
                                   friendlyName="$attribute.name" encodeType="false" />
    </resolver:AttributeDefinition>
#end
#end
#end

    <!-- ========================================== -->
    <!--              Data Connectors               -->
    <!-- ========================================== -->
    <resolver:DataConnector id="siteLDAP" xsi:type="dc:LDAPDirectory"
                            ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
                            baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
                            principal="%{idp.attribute.resolver.LDAP.bindDN}"
                            principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
                            useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}">
        <dc:FilterTemplate>
            <![CDATA[
                (uid=$requestContext.principalName)
            ]]>
        </dc:FilterTemplate>
        <!--
        <dc:ReturnAttributes>%{idp.attribute.resolver.LDAP.returnAttributes}</dc:ReturnAttributes>
        -->
        <dc:StartTLSTrustCredential id="LDAPtoIdPCredential" xsi:type="sec:X509ResourceBacked">
            <sec:Certificate>%{idp.attribute.resolver.LDAP.trustCertificates}</sec:Certificate>
        </dc:StartTLSTrustCredential>
    </resolver:DataConnector>
</resolver:AttributeResolver>
```

By Mohib Zico staff 01 Aug 2017 at 6:35 a.m. CDT

That is wrong. Creating nameID is under: Administrative Guide -> Attributes.

By shikha Mishra user 01 Aug 2017 at 7:41 a.m. CDT

I followed Administrative Guide -> Attributes. attribute-resolver.xml, which is located at /opt/shibboleth-idp/conf, is empty now. Can you send me a sample file for /opt/gluu/jetty/identity/conf/shibboleth3/idp/attribute-resolver.xml.vm? My objective is to add urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.

By Mohib Zico staff 01 Aug 2017 at 7:45 a.m. CDT

'attribute-resolver.xml' being empty means there is some syntax error. 'idp-process.log' should give an indication, with the line number, of that error.
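An added check, not code from this thread, Gluu or Shibboleth: the rendered /opt/shibboleth-idp/conf/attribute-resolver.xml is plain XML, so before restarting the IdP it can be parsed for well-formedness (a parse error reports the line and column, the same information idp-process.log points at), every xsi:type value can be checked against the xmlns declarations in scope (a prefix such as pc: that is never declared cannot resolve to a type), and the emailAddress NameID format can be confirmed to appear on some encoder or connector. The three sample documents are constructed here, and the function name check_resolver is an assumption.

```python
# Added example (not from the thread, Gluu or Shibboleth): lint a rendered
# attribute-resolver.xml before restarting the IdP. Input is the rendered XML
# (e.g. /opt/shibboleth-idp/conf/attribute-resolver.xml), not the .vm template.
import io
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def check_resolver(xml_text):
    """Return a list of problems found (an empty list means nothing was found).

    Checks: the document is well-formed XML; the prefix of every xsi:type value
    is declared by an xmlns:... in scope; at least one AttributeEncoder or
    PrincipalConnector carries the emailAddress NameID format.
    """
    problems = []
    scopes = [{"xml": "http://www.w3.org/XML/1998/namespace"}]  # prefix -> URI, per element
    pending = {}  # xmlns declarations seen before the next start tag
    found_email = False
    try:
        for event, data in ET.iterparse(io.StringIO(xml_text),
                                        events=("start-ns", "start", "end")):
            if event == "start-ns":
                prefix, uri = data
                pending[prefix] = uri
            elif event == "start":
                scope = dict(scopes[-1])
                scope.update(pending)
                pending = {}
                scopes.append(scope)
                xsi_type = data.get(XSI_TYPE, "")
                if ":" in xsi_type:
                    prefix = xsi_type.split(":", 1)[0]
                    if prefix not in scope:
                        problems.append(
                            "undeclared prefix '%s:' in xsi:type=\"%s\" on <%s>"
                            % (prefix, xsi_type, data.tag))
                if EMAIL_FORMAT in (data.get("nameFormat"), data.get("nameIDFormat")):
                    found_email = True
            else:  # "end": leave the element's namespace scope
                scopes.pop()
    except ET.ParseError as exc:
        line, col = exc.position
        return ["not well-formed at line %d, column %d: %s" % (line, col, exc)]
    if not found_email:
        problems.append("no AttributeEncoder/PrincipalConnector uses " + EMAIL_FORMAT)
    return problems


# Constructed samples (not real Gluu output), trimmed to the elements the check looks at.
HEAD = ('<?xml version="1.0" encoding="UTF-8"?>\n'
        '<resolver:AttributeResolver xmlns:resolver="urn:mace:shibboleth:2.0:resolver"\n'
        '    xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder"\n'
        '    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"%s>\n')
CONNECTOR = ('  <resolver:PrincipalConnector xsi:type="pc:Transient" id="saml2Transient"\n'
             '      nameIDFormat="%s"/>\n' % EMAIL_FORMAT)
TAIL = '</resolver:AttributeResolver>\n'

# pc: is used in xsi:type but never declared with xmlns:pc
MISSING_PREFIX = HEAD % "" + CONNECTOR + TAIL
# the same document with the declaration added
FIXED = HEAD % '\n    xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"' + CONNECTOR + TAIL
# an AttributeDefinition left unclosed: the parser stops at the mismatched closing tag
TRUNCATED = HEAD % "" + '  <resolver:AttributeDefinition id="mail">\n' + TAIL

if __name__ == "__main__":
    for label, doc in (("missing prefix", MISSING_PREFIX),
                       ("fixed", FIXED),
                       ("truncated", TRUNCATED)):
        print(label, "->", check_resolver(doc) or "OK")
```

Run it against the real file with `check_resolver(open("/opt/shibboleth-idp/conf/attribute-resolver.xml").read())`; an empty result only says the XML is well-formed and the prefixes and NameID format are present, the IdP still validates the file against its schemas when it starts.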

By shikha Mishra user 02 Aug 2017 at 1:39 a.m. CDT

Hi Mohib, I was able to add the NameID format. Thanks for the information.