On 16/02/17 17:40, Keith Carr wrote:
> My question is this:- Is there a way to produce the
> eduPersonTargetedID attribute using the new persistent
> NameIdGeneration method (rather than using the "old"
> data-connector-in-the-"attribute-resolver"-file method)? After
> all, the values held in the database are the same. So can I use
> the saml-nameid.properties and saml-nameid.xml files and link the
> resultant NameId to output as the eduPersonTargetedID attribute in
> the SAML?
>
An attribute-resolver.xml config like this should work, assuming a
plaintext salt with no unusual characters:

<!-- Wraps the computedId value in a SAML 2.0 NameID with the persistent format -->
<resolver:AttributeDefinition
    id="eduPersonTargetedID"
    xsi:type="ad:SAML2NameID"
    sourceAttributeID="computedId"
    nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
    <resolver:Dependency ref="computedId"/>
    <resolver:DisplayName xml:lang="en">Targeted ID</resolver:DisplayName>
    <resolver:AttributeEncoder
        xsi:type="enc:SAML1XMLObject"
        name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"/>
    <resolver:AttributeEncoder
        xsi:type="enc:SAML2XMLObject"
        name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
        friendlyName="eduPersonTargetedID"/>
</resolver:AttributeDefinition>

<!-- Computes the per-SP value; source attribute and salt are property references -->
<resolver:DataConnector
    id="computedId"
    xsi:type="dc:ComputedId"
    sourceAttributeID="%{idp.persistentId.sourceAttribute}"
    salt="%{idp.persistentId.salt}">
    <resolver:Dependency ref="%{idp.persistentId.sourceAttribute}"/>
</resolver:DataConnector>

This would pick up the salt value from saml-nameid.properties.
--
Dr Robert Bradley
Identity and Access Management Team, IT Services, University of Oxford
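
Added example (not part of the original message and not Shibboleth's own code): a sketch of why the connector above and the persistent NameID generator yield the same value when both read the same salt and source attribute. It assumes the computed ID is Base64(SHA-1(SP entityID + "!" + source value + "!" + salt)) with a UTF-8 plaintext salt; the property values, user name and SP entityIDs are constructed.

```python
import base64
import hashlib

# Constructed sample of saml-nameid.properties (values are placeholders).
SAMPLE_PROPERTIES = """\
# Persistent ID settings shared by the NameID generator and the resolver
idp.persistentId.sourceAttribute = uid
idp.persistentId.salt = constructed-example-salt-0123456789
"""


def load_properties(text):
    """Parse simple key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def computed_id(sp_entity_id, source_value, salt):
    """Assumed derivation: Base64(SHA-1(entityID '!' source '!' salt))."""
    md = hashlib.sha1()
    md.update(sp_entity_id.encode("utf-8"))
    md.update(b"!")
    md.update(source_value.encode("utf-8"))
    md.update(b"!")
    md.update(salt.encode("utf-8"))
    return base64.b64encode(md.digest()).decode("ascii")


def targeted_ids(props, source_value, sp_entity_ids):
    """Return {SP entityID: computed value} for one user."""
    salt = props["idp.persistentId.salt"]
    return {sp: computed_id(sp, source_value, salt) for sp in sp_entity_ids}


if __name__ == "__main__":
    props = load_properties(SAMPLE_PROPERTIES)
    sps = ["https://sp1.example.org/shibboleth",
           "https://sp2.example.org/shibboleth"]
    for sp, value in targeted_ids(props, "jdoe", sps).items():
        print(sp, value)
```

The value is stable for a given user and SP, differs between SPs, and changes for every user if the salt changes, so the salt has to stay identical wherever the ID is computed.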