SAML 2 NameID Attribute Definition
This does not define a <NameID> for use in the <Subject> of the assertion.
This attribute definition creates an attribute whose values are SAML 2 NameIDs. This attribute definition always uses the SP's entity ID as the NameID SPNameQualifier.
1. Create the Definition
The definition is created with the element
<resolver:AttributeDefinition xsi:type="SAML2NameID" xmlns="urn:mace:shibboleth:2.0:resolver:ad"> with the following required attributes:
- id: A unique identifier used within the IdP's resolver and filter to reference this definition.
and an optional attribute:
- nameIdFormat: Becomes the Format attribute on the created SAML 2 <NameID> element. Defaults to
- nameIdQualifier: Becomes the NameQualifier attribute on the created SAML 2 <NameID> element. Defaults to the IdP's entity ID.
- sourceAttributeID - the ID of the attribute, from the dependency connectors, used to construct this attribute (default value: ID of this attribute)
- dependencyOnly: A boolean flag that indicates the attribute produced by this definition is used only by other resolver components and should never be released from the resolver. Defaults to
2. Define Dependencies
You must express, as a dependency, the attribute definition or data connector that produces the source attribute. Dependencies are declared using a
<resolver:Dependency> with a
ref attribute whose value is the unique ID of the dependent attribute definition or the data connector.