The PrincipalNameIdentifier mapping is the simplest and most straightforward NameIdentifierMapping of all. The idea is to embed the local principal name directly in the NameIdentifier element:
Obviously, the PrincipalNameIdentifier mapping provides no privacy whatsoever.
To configure an IdentityProvider to use PrincipalNameIdentifier, insert the following NameMapping element into the IdP config file (idp.xml):
The id attribute is a unique identifier for this NameMapping element in the config file. The format attribute value is wholly contrived, so PrincipalNameIdentifier is of little use except for testing purposes.
Note: The GridShib.EmailAddressNameIdentifierMapping is functionally equivalent to the PrincipalNameIdentifier mapping, and it is also an implementation of a standard SAML NameIdentifierFormat.
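The lack of privacy noted above can be audited on the assertions an IdP issues. The following check is an added example, not part of the original page and not Shibboleth or GridShib code. The sample assertions, the principal name, and the placeholder Format URI are constructed, and it is an assumption here that the email mapping uses the principal name as the local part of the address.

```python
import xml.etree.ElementTree as ET

SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
HANDLE_FORMAT = "urn:mace:shibboleth:1.0:nameIdentifier"    # opaque Shibboleth handle
PLACEHOLDER_FORMAT = "urn:example:placeholder:principal"     # placeholder, not the page's value

def sample(fmt, value):
    """Build a minimal constructed SAML 1.x assertion carrying one NameIdentifier."""
    return (
        '<saml:Assertion xmlns:saml="%s"><saml:AuthenticationStatement><saml:Subject>'
        '<saml:NameIdentifier Format="%s" NameQualifier="https://idp.example.org/shibboleth">'
        '%s</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement>'
        '</saml:Assertion>' % (SAML1_NS, fmt, value)
    )

# Constructed inputs: the same user under three different name mappings.
LOCAL_PRINCIPALS = {"jdoe"}
PRINCIPAL_SAMPLE = sample(PLACEHOLDER_FORMAT, "jdoe")
EMAIL_SAMPLE = sample(EMAIL_FORMAT, "jdoe@example.org")
HANDLE_SAMPLE = sample(HANDLE_FORMAT, "_3f7b1c2e9a5d4c60b8e1")

def name_identifiers(assertion_xml):
    """Yield (format, value) for every NameIdentifier in the assertion."""
    root = ET.fromstring(assertion_xml)  # input is the IdP's own output, not untrusted XML
    for el in root.iter("{%s}NameIdentifier" % SAML1_NS):
        yield el.get("Format", ""), (el.text or "").strip()

def discloses_principal(assertion_xml, local_principals):
    """Return findings for NameIdentifiers that reveal a local principal name."""
    findings = []
    for fmt, value in name_identifiers(assertion_xml):
        local_part = value.partition("@")[0]
        if value in local_principals:
            findings.append((value, fmt, "principal name sent verbatim"))
        elif fmt == EMAIL_FORMAT and local_part in local_principals:
            findings.append((local_part, fmt, "principal name sent as email local part"))
    return findings

if __name__ == "__main__":
    for label, xml in [("principal", PRINCIPAL_SAMPLE), ("email", EMAIL_SAMPLE),
                       ("handle", HANDLE_SAMPLE)]:
        print(label, discloses_principal(xml, LOCAL_PRINCIPALS))
```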