/opt/shibboleth-idp/conf/saml-nameid.xml

1. <?xml version="1.0" encoding="UTF-8"?>
2. <beans xmlns="http://www.springframework.org/schema/beans"
3.       xmlns:context="http://www.springframework.org/schema/context"
4.       xmlns:util="http://www.springframework.org/schema/util"
5.       xmlns:p="http://www.springframework.org/schema/p"
6.       xmlns:c="http://www.springframework.org/schema/c"
7.       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
8.       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
9.                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
10.                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
11.                          
12.       default-init-method="initialize"
13.       default-destroy-method="destroy">
14.  
15.     <!-- ========================= SAML NameID Generation ========================= -->
16.  
17.     <!--
18.    These generator lists handle NameID/Nameidentifier generation going forward. By default,
19.    transient IDs for both SAML versions are enabled. The commented examples are for persistent IDs
20.    and generating more one-off formats based on resolved attributes. The suggested approach is to
21.    control their use via release of the underlying source attribute in the filter policy rather
22.    than here, but you can set a property on any generator called "activationCondition" to limit
23.    use in the most generic way.
24.    
25.    Most of the relevant configuration settings are controlled using properties; an exception is
26.    the generation of arbitrary/custom formats based on attribute information, examples of which
27.    are shown below.
28.    
29.    -->
30.    
31.     <!-- SAML 2 NameID Generation -->
32.     <util:list id="shibboleth.SAML2NameIDGenerators">
33.    
34.         <ref bean="shibboleth.SAML2TransientGenerator" />
35.        
36. #if( $resovlerParams.size() > 0 )
37.     #foreach( $nameIdConfig in $resovlerParams.configs )
38.     <bean parent="shibboleth.SAML2AttributeSourcedGenerator"
39.        p:format="urn:oasis:names:tc:SAML:2.0:nameid-format:email"
40.        p:attributeSourceIds="#{ {'$nameIdConfig.name'} }"/>
41.     #end
42. #end
43.  
44. <!--
45. <bean parent="shibboleth.SAML2AttributeSourcedGenerator"
46.          p:format="urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress"
47.          p:attributeSourceIds="#{ {'mail'} }"/>-->
48.        
49.         <!-- Uncommenting this bean requires configuration in saml-nameid.properties. -->
50.         <!--
51.        <ref bean="shibboleth.SAML2PersistentGenerator" />
52.        -->
53.  
54.         <!--
55.        <bean parent="shibboleth.SAML2AttributeSourcedGenerator"
56.            p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
57.            p:attributeSourceIds="#{ {'mail'} }" />
58.        -->
59.                
60.     </util:list>
61.    
62. </beans>