From 8635ad434560012c379617cef0f89ffc7c4041c2 Mon Sep 17 00:00:00 2001 From: Olav Morken <olav.morken@uninett.no> Date: Mon, 17 Aug 2009 12:26:22 +0000 Subject: [PATCH] docs: Add documentation for NameID in eduPersonTargetedID. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1686 44740490-163a-0410-bde0-09ae8108e29a --- docs/simplesamlphp-authproc.txt | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/docs/simplesamlphp-authproc.txt b/docs/simplesamlphp-authproc.txt index 878747012..a2468d032 100644 --- a/docs/simplesamlphp-authproc.txt +++ b/docs/simplesamlphp-authproc.txt @@ -303,6 +303,39 @@ In example that could mean: 23:https://sp.example.org19:andreas@uninett.noq8d76f8ds75f68d7s' ) +#### Internet2 compatible `eduPersontargetedID` #### + +Internet2 uses an `<AttributeValue>` element with a `<NameID>` element to represent the `edupersonTargetedID`: + + <saml2:AttributeValue> + <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" + NameQualifier="https://idp.example.org/shibboleth" + SPNameQualifier="https://sp.example.org/shibboleth" + >1234567890</saml2:NameID> + </saml2:AttributeValue> + +This format is documented in the [MACE-Dir SAML Attribute Profiles](http://middleware.internet2.edu/dir/docs/internet2-mace-dir-saml-attributes-200604.pdf) document. + +To make simpleSAMLphp generate this kind of `eduPersonTargetedID`, you need to set the `nameId`-option to TRUE. +You also need to change the encoding of the `eduPersonTargetedID` attribute to `raw`. + +Example: + + $metadata['__DYNAMIC:1__'] = array( + 'host' => '__DEFAULT__', + 'auth' => 'example-static', + + 'authproc' => array( + 60 => array( + 'class' => 'core:TargetedID', + 'nameId' => TRUE, + ), + ), + 'attributeencodings' => array( + 'eduPersonTargetedID' => 'raw', + ), + ); + ### Adding a group attribute (`core:GenerateGroups`) -- GitLab