shibboleth-dev - Re: SAML name identifiers
Subject: Shibboleth Developers
- From: "Tom Scavo" <>
- To:
- Subject: Re: SAML name identifiers
- Date: Mon, 6 Mar 2006 00:05:54 -0500
On 3/5/06, Tom Scavo <> wrote:
>
> <NameMapping
>     xmlns="urn:mace:shibboleth:namemapper:1.0"
>     id="x509"
>     format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
>     template="uid=%PRINCIPAL%,o=example.org"
>     regex="uid=([^,/]+)"
>     qualifier="https://idp.example.org/shibboleth"
>     class="edu.internet2.middleware.shibboleth..X509SubjectNameNameIdentifierMapping"/>
>
> <NameMapping
>     xmlns="urn:mace:shibboleth:namemapper:1.0"
>     id="email"
>     format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
>     template="%PRINCIPAL%@example.org"
>     regex="([^@]+)@"
>     qualifier="https://idp.example.org/shibboleth"
>     class="edu.internet2.middleware.shibboleth..emailAddressNameIdentifierMapping"/>

Actually, this can be simplified even further (which is what I think
you were suggesting earlier):

<NameMapping
    xmlns="urn:mace:shibboleth:namemapper:1.0"
    id="x509"
    format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
    template="uid=%PRINCIPAL%,o=example.org"
    regex="uid=([^,/]+)"
    qualifier="https://idp.example.org/shibboleth"
    type="Principal"/>

<NameMapping
    xmlns="urn:mace:shibboleth:namemapper:1.0"
    id="email"
    format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    template="%PRINCIPAL%@example.org"
    regex="([^@]+)@"
    qualifier="https://idp.example.org/shibboleth"
    type="Principal"/>

and similarly for the WindowsDomainQualifiedName and kerberos
identifiers. (Cool, one class to implement four SAML name
identifiers.) This requires mods to NameMapper and/or
PrincipalNameIdentifier.
Tom
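
Added example, not part of the original message and not Shibboleth code: a Python sketch of how the proposed template and regex attributes could map a principal to a name identifier and back. The substitution and first-capture-group semantics, the wrapping root element and all function names are assumptions; the round-trip comparison rejects values that match the regex but were not produced by the template.

```python
import re
import xml.etree.ElementTree as ET

# The two mappings from the message above, wrapped in a constructed root element.
CONFIG = """<Mappings xmlns="urn:mace:shibboleth:namemapper:1.0">
  <NameMapping id="x509"
      format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
      template="uid=%PRINCIPAL%,o=example.org"
      regex="uid=([^,/]+)"
      qualifier="https://idp.example.org/shibboleth"
      type="Principal"/>
  <NameMapping id="email"
      format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
      template="%PRINCIPAL%@example.org"
      regex="([^@]+)@"
      qualifier="https://idp.example.org/shibboleth"
      type="Principal"/>
</Mappings>"""

NS = "{urn:mace:shibboleth:namemapper:1.0}"


def load_mappings(xml_text):
    """Index NameMapping attributes by SAML format URI."""
    root = ET.fromstring(xml_text)
    return {m.get("format"): dict(m.attrib) for m in root.iter(NS + "NameMapping")}


def to_name_identifier(mapping, principal):
    """Assumed semantics: substitute the principal into the template."""
    return mapping["template"].replace("%PRINCIPAL%", principal)


def to_principal(mapping, name_qualifier, value):
    """Assumed semantics: the first capture group of regex is the principal.

    Returns None unless the qualifier matches and re-applying the template
    to the extracted principal reproduces the presented value exactly.
    """
    if name_qualifier != mapping["qualifier"]:
        return None
    m = re.search(mapping["regex"], value)
    if m is None:
        return None
    principal = m.group(1)
    if to_name_identifier(mapping, principal) != value:
        return None  # matched the regex but was not built from the template
    return principal
```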