Hi Robert,

Thanks for your reply below - that would seem to be a great suggestion. Can I ask: would this be the "recommended" way to do this (as of course it starts to move away from something being deprecated)? Or is it preferable that the storedId data connector continues to be used for the time being?

Keith Carr
Senior Developer
St. George's, University Of London


-----Original Message-----
From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Robert Bradley
Sent: 16 February 2017 18:27
To: [log in to unmask]
Subject: Re: IdPv3 eduPersonTargetedID


On 16/02/17 17:40, Keith Carr wrote:
> My question is this:- Is there a way to produce the 
> eduPersonTargetedID attribute using the new persistent 
> NameIdGeneration method (rather than using the "old"
> data-connector-in-the-"attribute-resolver"-file method)? After all, 
> the values held in the database are the same. So can I use the 
> saml-nameid.properties and saml-nameid.xml files and link the 
> resultant NameId to output as the eduPersonTargetedID attribute in the 
> SAML?
> 

An attribute-resolver.xml config like this should work, assuming a plaintext salt with no unusual characters:

<resolver:AttributeDefinition
  id="eduPersonTargetedID"
  xsi:type="ad:SAML2NameID"
  sourceAttributeID="computedId"
  nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">

  <resolver:Dependency ref="computedId"/>
  <resolver:DisplayName xml:lang="en">Targeted ID</resolver:DisplayName>
  <resolver:AttributeEncoder
    xsi:type="enc:SAML1XMLObject"
    name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"/>
  <resolver:AttributeEncoder
    xsi:type="enc:SAML2XMLObject"
    name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
    friendlyName="eduPersonTargetedID"/>
</resolver:AttributeDefinition>

<resolver:DataConnector
  id="computedId"
  xsi:type="dc:ComputedId"
  sourceAttributeID="%{idp.persistentId.sourceAttribute}"
  salt="%{idp.persistentId.salt}">
  <resolver:Dependency ref="%{idp.persistentId.sourceAttribute}"/>
</resolver:DataConnector>

This would pick up the salt value from saml-nameid.properties.

--
Dr Robert Bradley
Identity and Access Management Team, IT Services, University of Oxford
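As an added example (not code from this thread or from Shibboleth itself), the Python below recreates the derivation shared by the ComputedId data connector and the computed persistent NameID generator: a SHA-1 hash of relyingPartyId, the source attribute value and the salt joined with "!", Base64-encoded. The properties fragment, entity IDs, user value and salt are all constructed; the property names are the real idp.persistentId.* keys from saml-nameid.properties.

```python
import base64
import hashlib

# Constructed stand-in for saml-nameid.properties (not a real deployment's file).
SAML_NAMEID_PROPERTIES = """
# Persistent ID settings (constructed sample)
idp.persistentId.sourceAttribute = uid
idp.persistentId.salt = ConstructedSaltValueNotForProduction1
idp.persistentId.generator = shibboleth.ComputedPersistentIdGenerator
"""


def load_properties(text):
    """Minimal parser for the 'key = value' lines used by IdP property files."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def computed_id(relying_party_id, source_value, salt):
    """Value the ComputedId connector (and the computed NameID generator) derive.

    SHA-1 over relyingPartyId + "!" + sourceValue + "!" + salt, Base64-encoded.
    Because the SP entityID is part of the input, the same user gets a
    different, unlinkable value at every SP; because the salt is part of it,
    changing the salt silently changes every user's identifier at every SP.
    """
    salt_bytes = salt.encode("utf-8")
    if len(salt_bytes) < 16:
        # The IdP refuses salts shorter than 16 bytes; mirror that check here.
        raise ValueError("salt must be at least 16 bytes")
    digest = hashlib.sha1()
    digest.update(relying_party_id.encode("utf-8"))
    digest.update(b"!")
    digest.update(source_value.encode("utf-8"))
    digest.update(b"!")
    digest.update(salt_bytes)
    return base64.b64encode(digest.digest()).decode("ascii")


def targeted_id_for(props, relying_party_id, user_attributes):
    """eduPersonTargetedID value for one SP, read from the same two properties
    (%{idp.persistentId.sourceAttribute}, %{idp.persistentId.salt}) that the
    attribute-resolver config above references."""
    source = user_attributes[props["idp.persistentId.sourceAttribute"]]
    return computed_id(relying_party_id, source, props["idp.persistentId.salt"])
```

Running this for the same user against two SPs shows why the NameID and the attribute can share one database: both are functions of exactly these inputs, so migrating between the two mechanisms is safe only while the salt and source attribute stay fixed.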