Hi there,
I had this issue early on, and it turned out that my service registry was
not specifying the nameid format as persistent, but rather unspecified,
which was making it transient.
Here's a snippet from our service config for the requiredNameIdFormat
and usernameAttributeProvider properties:
"requiredNameIdFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
"usernameAttributeProvider" : {
  "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
  "usernameAttribute" : "eduPersonTargetedID",
  "canonicalizationMode" : "NONE"
}
-Mike
On Fri, May 7, 2021 at 9:37 AM Marcin Roman <[email protected]>
wrote:
> Hi, I could not manage to configure CAS to release eduPersonTargetedID in
> the correct format.
> According to specs (
> https://www.switch.ch/aai/support/documents/attributes/edupersontargetedid/)
> eduPersonTargetedID should look like this:
>
> <saml2:Attribute FriendlyName="eduPersonTargetedID"
> Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml2:AttributeValue>
> <saml2:NameID
> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
> NameQualifier="https://sso.umk.pl/idp/shibboleth"
> SPNameQualifier="https://orcid.org/saml2/sp/1">S1yftf/VIwgXi4bclR5tdXB/VRE=</saml2:NameID>
> </saml2:AttributeValue>
> </saml2:Attribute>
>
> This is the way Shibboleth releases it.
> However CAS releases eduPersonTargetedID in the following way:
>
> <saml2:Attribute FriendlyName="eduPersonTargetedID"
> Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" >
> <saml2:AttributeValue>aALV+7l7KzaznzhyDsaBNgAdzSI=</saml2:AttributeValue>
> </saml2:Attribute>
>
> Perhaps I misconfigured something?
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/337e9277-89c4-4fec-bf43-44e11d35e78dn%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/337e9277-89c4-4fec-bf43-44e11d35e78dn%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
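
Added example (not part of the original thread, and not CAS project code): a Python check that tells the two attribute shapes discussed above apart, so a released eduPersonTargetedID can be verified after a service-registry change. The function name, the problem strings and the xmlns:saml2 declaration added to the thread's two samples are assumptions made so the block runs stand-alone.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, parse with defusedxml instead

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
EPTID_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

def check_eptid(attribute_xml):
    """Return a list of problems with an eduPersonTargetedID attribute; empty means OK."""
    attr = ET.fromstring(attribute_xml)
    if attr.tag != f"{{{SAML}}}Attribute" or attr.get("Name") != EPTID_OID:
        return ["not an eduPersonTargetedID attribute"]
    values = attr.findall(f"{{{SAML}}}AttributeValue")
    if not values:
        return ["no AttributeValue"]
    problems = []
    for value in values:
        name_id = value.find(f"{{{SAML}}}NameID")
        if name_id is None:
            # The shape CAS released in the thread: an opaque string, no NameID element.
            problems.append("value is a bare string, not a nested NameID")
            continue
        if name_id.get("Format") != PERSISTENT:
            problems.append(f"NameID Format is {name_id.get('Format')!r}")
        for qualifier in ("NameQualifier", "SPNameQualifier"):
            if not (name_id.get(qualifier) or "").strip():
                problems.append(f"missing {qualifier}")
        if not (name_id.text or "").strip():
            problems.append("empty NameID")
    return problems

# Constructed inputs: the thread's two samples with a namespace declaration added.
NS = f'xmlns:saml2="{SAML}"'
HEAD = (f'<saml2:Attribute {NS} FriendlyName="eduPersonTargetedID" Name="{EPTID_OID}" '
        'NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">')
SHIB_STYLE = f'''{HEAD}
  <saml2:AttributeValue>
    <saml2:NameID Format="{PERSISTENT}"
      NameQualifier="https://sso.umk.pl/idp/shibboleth"
      SPNameQualifier="https://orcid.org/saml2/sp/1">S1yftf/VIwgXi4bclR5tdXB/VRE=</saml2:NameID>
  </saml2:AttributeValue>
</saml2:Attribute>'''
CAS_STYLE = f'''{HEAD}
  <saml2:AttributeValue>aALV+7l7KzaznzhyDsaBNgAdzSI=</saml2:AttributeValue>
</saml2:Attribute>'''

if __name__ == "__main__":
    for label, xml in (("shibboleth-style", SHIB_STYLE), ("cas-style", CAS_STYLE)):
        print(label, check_eptid(xml) or "OK")
```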