Hi there,

I had this issue early on, and it turned out that my service registry was
not specifying the nameid format as persistent, but rather unspecified,
which was making it transient.

Here's a snippet from our service config for the requiredNameIdFormat
and usernameAttributeProvider properties:

"requiredNameIdFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
"usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
    "usernameAttribute" : "eduPersonTargetedID",
    "canonicalizationMode" : "NONE"
  }

-Mike

On Fri, May 7, 2021 at 9:37 AM Marcin Roman <marcinroman...@gmail.com>
wrote:

> Hi, I could not manage to configure CAS to release eduPersonTargetedID in
> the correct format.
> According to specs (
> https://www.switch.ch/aai/support/documents/attributes/edupersontargetedid/)
> eduPersonTargetedID should look like this:
>
> <saml2:Attribute FriendlyName="eduPersonTargetedID"
> Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml2:AttributeValue>
> <saml2:NameID
> Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
> NameQualifier="https://sso.umk.pl/idp/shibboleth"
> SPNameQualifier="https://orcid.org/saml2/sp/1">S1yftf/VIwgXi4bclR5tdXB/VRE=</saml2:NameID>
> </saml2:AttributeValue>
> </saml2:Attribute>
>
> This is the way Shibboleth releases it.
> However, CAS releases eduPersonTargetedID in the following way:
>
> <saml2:Attribute FriendlyName="eduPersonTargetedID"
> Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" >
> <saml2:AttributeValue>aALV+7l7KzaznzhyDsaBNgAdzSI=</saml2:AttributeValue>
> </saml2:Attribute>
>
> Perhaps I misconfigured something?
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/337e9277-89c4-4fec-bf43-44e11d35e78dn%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/337e9277-89c4-4fec-bf43-44e11d35e78dn%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
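
Added example (not part of the original thread, and not CAS or Shibboleth code): a small Python check that tells the two attribute shapes quoted above apart, so a released eduPersonTargetedID can be verified after a configuration change. The function name, the sample entity IDs and the sample identifier values are constructed; requiring both qualifiers is an assumption modelled on the Shibboleth output quoted in the thread.

```python
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
EPTID_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
NS = {"saml2": SAML2}

def check_eptid(attribute_xml):
    """Return a list of problems with an eduPersonTargetedID attribute; empty means OK."""
    # ElementTree is fine for locally captured test responses; it is not
    # hardened for parsing XML from untrusted parties.
    attr = ET.fromstring(attribute_xml)
    if attr.get("Name") != EPTID_OID:
        return ["not an eduPersonTargetedID attribute"]
    values = attr.findall("saml2:AttributeValue", NS)
    if not values:
        return ["no AttributeValue present"]
    problems = []
    for value in values:
        name_id = value.find("saml2:NameID", NS)
        if name_id is None:
            problems.append("value is a bare string, not a nested NameID")
            continue
        if name_id.get("Format") != PERSISTENT:
            problems.append("NameID Format is not persistent")
        # Assumption: both qualifiers are expected, as in the quoted Shibboleth output.
        for qualifier in ("NameQualifier", "SPNameQualifier"):
            if not name_id.get(qualifier):
                problems.append("NameID lacks " + qualifier)
        if not (name_id.text or "").strip():
            problems.append("NameID is empty")
    return problems

# Constructed samples modelled on the two shapes quoted in the thread
# (entity IDs and identifier values are placeholders).
WRAP = ('<saml2:Attribute xmlns:saml2="' + SAML2 + '" '
        'FriendlyName="eduPersonTargetedID" Name="' + EPTID_OID + '">'
        '<saml2:AttributeValue>%s</saml2:AttributeValue></saml2:Attribute>')
NESTED = WRAP % ('<saml2:NameID Format="' + PERSISTENT + '" '
                 'NameQualifier="https://idp.example.org/idp" '
                 'SPNameQualifier="https://sp.example.org/sp">'
                 'AAAAconstructedvalue=</saml2:NameID>')
BARE = WRAP % "BBBBconstructedvalue="

if __name__ == "__main__":
    for label, sample in (("nested", NESTED), ("bare", BARE)):
        print(label, check_eptid(sample) or "OK")
```

The attribute fragments quoted in the thread omit the xmlns:saml2 declaration, so paste the attribute together with that declaration (or extract it from the full assertion) before running the check.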
