SAML 2 NameID Attribute Definition
This does not define a <NameID> for use in the <Subject> of the assertion.
This attribute definition creates an attribute whose values are SAML 2 NameIDs. This attribute definition always uses the SP's entity ID as the NameID SPNameQualifier.
1. Create the Definition
The definition is created with the element
<resolver:AttributeDefinition xsi:type="SAML2NameID" xmlns="urn:mace:shibboleth:2.0:resolver:ad"> with the following required attributes:
- id: A unique identifier used within the IdP's resolver and filter to reference this definition.
- sourceAttributeID: The ID of an attribute to split with the regular expression. It must be supplied by a dependency.
and an optional attribute:
- nameIdFormat: Becomes the Format attribute on the created SAML 2 <NameID> element. Defaults to
- nameIdQualifier: Becomes the NameQualifier attribute on the created SAML 2 <NameID> element. Defaults to the IdP's entity ID.
- dependencyOnly: A boolean flag that indicates the attribute produced by this definition is used only by other resolver components and should never be released from the resolver. Defaults to
2. Define Dependencies
You must express, as a dependency, the attribute definition or data connector that produces the source attribute. Dependencies are declared using a
<resolver:Dependency> with a
ref attribute whose value is the unique ID of the dependent attribute definition or the data connector.