Shibboleth Developers

["Tom Scavo" <>]

A couple of months ago, Scott suggested a consolidation of various
SAML name identifiers in the following thread:

https://mail.internet2.edu/wws/arc/shibboleth-dev/2006-03/msg00000.html

Accordingly, the implementation (and its unit test) are now done:

http://viewcvs.globus.org/viewcvs.cgi/gridshib/idp/src/edu/internet2/middleware/shibboleth/common/provider/PrincipalNameIdentifierMapping.java

A typical config element might look like:

<NameMapping
 xmlns="urn:mace:shibboleth:namemapper:1.0"
 id="email"
 format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
 
template="%PRINCIPAL%@example.org"
 
regex="([^@]+)@"
 
class="edu.internet2.middleware.shibboleth.common.provider.PrincipalNameIdentifierMapping"/>

What makes this possible is the SAMLNameIdentifier format handler
concept in OpenSAML 1.1.  Three such handlers have been written
(UnspecifiedNameIdentifier, EmailAddressNameIdentifier, and
X509SubjectNameNameIdentifier) and are registered in the base
NameIdentifierMapping class.

This class is very nearly a drop-in replacement for Shibboleth's
X509SubjectNameNameIdentifierMapping and PrincipalNameIdentifier, in
addition to GridShibX509SubjectNameNameIdentifierMapping and
EmailAddressNameIdentifierMapping of the GridShib project.  It will
even handle ADFS's UPNNameIdentifierMapping with a suitable format
handler (perhaps an extension of EmailAddressNameIdentifier above).

Hope this helps,
Tom

TODO: Replace NameIdentifierConstants with properties files and/or
resource bundles.