This documentation is for WSO2 Identity Server 5.6.0.

...

  1. To configure the principal Id as the NameID in the SAML Assertion, do the following.
    1. Comment out the following default configuration in the <SHIBBOLETH_IDP_HOME>/conf/attribute-resolver.xml file.

      <!--resolver:AttributeDefinition id="transientId" xsi:type="ad:TransientId">
          <resolver:AttributeEncoder xsi:type="enc:SAML1StringNameIdentifier" nameFormat="urn:mace:shibboleth:1.0:nameIdentifier"/>
          <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID" nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
      </resolver:AttributeDefinition-->
    2. Add the following configurations to replace the above commented out configurations.

      <resolver:AttributeDefinition id="principalId" xsi:type="PrincipalName" xmlns="urn:mace:shibboleth:2.0:resolver:ad">
          <resolver:AttributeEncoder xsi:type="SAML2StringNameID" xmlns="urn:mace:shibboleth:2.0:attribute:encoder" nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
      </resolver:AttributeDefinition>
  2. To configure a new policy for the principal Id, do the following.
    1. Comment out the following default configuration in the <SHIBBOLETH_IDP_HOME>/conf/attribute-filter.xml file.

      <!--afp:AttributeFilterPolicy id="releaseTransientIdToAnyone">
          <afp:PolicyRequirementRule xsi:type="basic:ANY"/>
          <afp:AttributeRule attributeID="transientId">
              <afp:PermitValueRule xsi:type="basic:ANY"/>
          </afp:AttributeRule>
      </afp:AttributeFilterPolicy-->
    2. Add the following configurations to replace the above commented out configurations.

      <afp:AttributeFilterPolicy id="releasePrincipalIdToAnyone">
          <afp:PolicyRequirementRule xsi:type="basic:ANY"/>
          <afp:AttributeRule attributeID="principalId">
              <afp:PermitValueRule xsi:type="basic:ANY"/>
          </afp:AttributeRule>
      </afp:AttributeFilterPolicy>
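
A consistency check for the two edits above, as an added example that is not part of the WSO2 documentation: it parses both files and reports any attribute ID released in attribute-filter.xml that has no active (uncommented) definition in attribute-resolver.xml. The sample XML is constructed from the snippets above; the root elements and their namespace declarations are assumptions about the surrounding files.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed samples: the page's snippets inside assumed minimal root elements.
RESOLVER_XML = """<resolver:AttributeResolver
    xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <!--resolver:AttributeDefinition id="transientId" xsi:type="ad:TransientId">
  </resolver:AttributeDefinition-->
  <resolver:AttributeDefinition id="principalId" xsi:type="PrincipalName"
      xmlns="urn:mace:shibboleth:2.0:resolver:ad">
    <resolver:AttributeEncoder xsi:type="SAML2StringNameID"
        xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
        nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
  </resolver:AttributeDefinition>
</resolver:AttributeResolver>"""

FILTER_XML = """<afp:AttributeFilterPolicyGroup
    xmlns:afp="urn:mace:shibboleth:2.0:afp"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <afp:AttributeFilterPolicy id="releasePrincipalIdToAnyone">
    <afp:PolicyRequirementRule xsi:type="basic:ANY"/>
    <afp:AttributeRule attributeID="principalId">
      <afp:PermitValueRule xsi:type="basic:ANY"/>
    </afp:AttributeRule>
  </afp:AttributeFilterPolicy>
</afp:AttributeFilterPolicyGroup>"""

def local(tag):
    """Strip the '{namespace}' part that ElementTree puts before a tag name."""
    return tag.rsplit("}", 1)[-1]

def nameid_definitions(resolver_xml):
    """Map each active AttributeDefinition id to its SAML2 NameID formats."""
    out = {}
    for el in ET.fromstring(resolver_xml).iter():  # XML comments are skipped
        if local(el.tag) == "AttributeDefinition":
            out[el.get("id")] = [
                enc.get("nameFormat") for enc in el
                if local(enc.tag) == "AttributeEncoder"
                and enc.get(XSI_TYPE, "").endswith("SAML2StringNameID")]
    return out

def check(resolver_xml, filter_xml):
    """Return released attribute IDs that have no active definition."""
    defined = nameid_definitions(resolver_xml)
    released = [r.get("attributeID") for r in ET.fromstring(filter_xml).iter()
                if local(r.tag) == "AttributeRule"]
    return [a for a in released if a not in defined]
```

An empty list from check() means every released attribute resolves; a leftover transientId rule in the filter file would be listed instead.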

Configuring Identity Server as SP in Shibboleth

...