Class PrincipalNameIdentifierMapping
This class is an implementation of interface NameIdentifierMapping:
package edu.internet2.middleware.shibboleth.common.provider;
public class PrincipalNameIdentifierMapping extends GridShibBaseNameIdentifierMapping;
Class PrincipalNameIdentifierMapping is a general implementation of SAML 1.1 name identifiers. The implementation fully supports the following name identifier formats:
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
The format urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsQualifiedDomainName is only partially supported (since there is no handler for this format).
To configure the use of this implementation, an IdP would insert a suitably configured NameMapping element into its config file (idp.xml):
<!-- unspecified configuration -->
<NameMapping
    xmlns="urn:mace:shibboleth:namemapper:1.0"
    id="unspecified"
    format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    template="%PRINCIPAL%"
    regex="(.+)"
    qualifier="https://idp.example.org/shibboleth"
    class="edu.internet2.middleware.shibboleth.common.provider.PrincipalNameIdentifierMapping"/>

<!-- emailAddress configuration -->
<NameMapping
    xmlns="urn:mace:shibboleth:namemapper:1.0"
    id="email"
    format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    template="%PRINCIPAL%@example.org"
    regex="([^@]+)@"
    qualifier="https://idp.example.org/shibboleth"
    class="edu.internet2.middleware.shibboleth.common.provider.PrincipalNameIdentifierMapping"/>

<!-- X509SubjectName configuration -->
<NameMapping
    xmlns="urn:mace:shibboleth:namemapper:1.0"
    id="x509"
    format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
    template="uid=%PRINCIPAL%,o=example.org"
    regex="uid=([^,/]+)"
    qualifier="https://idp.example.org/shibboleth"
    class="edu.internet2.middleware.shibboleth.common.provider.PrincipalNameIdentifierMapping"/>
All attributes of the NameMapping element except the qualifier attribute are required. If the latter is omitted, it defaults to the IdP providerId.
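The following is an added example, not code from GridShib or Shibboleth: a stand-alone check that each template/regex pair in the configuration above round-trips a principal name. It assumes that %PRINCIPAL% in the template is replaced by the local principal name and that capture group 1 of the regex recovers it; the class name NameMappingRoundTrip, the helpers render and extract, and the sample values are hypothetical.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class NameMappingRoundTrip {
    // Assumption: %PRINCIPAL% in the template is replaced by the local principal name.
    static String render(String template, String principal) {
        return template.replace("%PRINCIPAL%", principal);
    }

    // Assumption: capture group 1 of the regex yields the principal.
    // Returns null unless re-rendering the extracted principal reproduces the
    // identifier exactly, so a value the template could not have produced is rejected.
    static String extract(String template, String regex, String nameId) {
        Matcher m = Pattern.compile(regex).matcher(nameId);
        if (!m.find() || m.groupCount() < 1 || m.group(1) == null) {
            return null;
        }
        String principal = m.group(1);
        return render(template, principal).equals(nameId) ? principal : null;
    }

    public static void main(String[] args) {
        // {id, template, regex} copied from the three NameMapping elements above.
        String[][] mappings = {
            {"unspecified", "%PRINCIPAL%", "(.+)"},
            {"email", "%PRINCIPAL%@example.org", "([^@]+)@"},
            {"x509", "uid=%PRINCIPAL%,o=example.org", "uid=([^,/]+)"},
        };
        String principal = "jdoe"; // constructed sample principal
        for (String[] mapping : mappings) {
            String nameId = render(mapping[1], principal);
            String back = extract(mapping[1], mapping[2], nameId);
            System.out.printf("%-12s %-28s -> %s%n", mapping[0], nameId, back);
            if (!principal.equals(back)) {
                throw new IllegalStateException("template and regex disagree for " + mapping[0]);
            }
        }
        // Constructed identifier from a different domain: the email regex alone
        // matches it, the round-trip comparison does not.
        String foreign = "jdoe@other.example";
        System.out.println(foreign + " -> " + extract(mappings[1][1], mappings[1][2], foreign));
    }
}
```

The page does not say whether PrincipalNameIdentifierMapping performs a comparable round-trip comparison itself; the check here only validates that a configured template and regex agree with each other.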