Permalink
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
shib-idp-conftree/conf/saml-nameid.xml
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
64 lines (49 sloc)
2.8 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <beans xmlns="http://www.springframework.org/schema/beans" | |
| xmlns:context="http://www.springframework.org/schema/context" | |
| xmlns:util="http://www.springframework.org/schema/util" | |
| xmlns:p="http://www.springframework.org/schema/p" | |
| xmlns:c="http://www.springframework.org/schema/c" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd | |
| http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd | |
| http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd" | |
| default-init-method="initialize" | |
| default-destroy-method="destroy"> | |
| <!-- ========================= SAML NameID Generation ========================= --> | |
| <!-- | |
| These generator lists handle NameID/Nameidentifier generation going forward. By default, | |
| transient IDs for both SAML versions are enabled. The commented examples are for persistent IDs | |
| and generating more one-off formats based on resolved attributes. The suggested approach is to | |
| control their use via release of the underlying source attribute in the filter policy rather | |
| than here, but you can set a property on any generator called "activationCondition" to limit | |
| use in the most generic way. | |
| Most of the relevant configuration settings are controlled using properties; an exception is | |
| the generation of arbitrary/custom formats based on attribute information, examples of which | |
| are shown below. | |
| --> | |
| <!-- SAML 2 NameID Generation --> | |
| <util:list id="shibboleth.SAML2NameIDGenerators"> | |
| <ref bean="shibboleth.SAML2TransientGenerator" /> | |
| <!-- Uncommenting this bean requires configuration in saml-nameid.properties. --> | |
| <!-- | |
| <ref bean="shibboleth.SAML2PersistentGenerator" /> | |
| --> | |
| <!-- | |
| <bean parent="shibboleth.SAML2AttributeSourcedGenerator" | |
| p:omitQualifiers="true" | |
| p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" | |
| p:attributeSourceIds="#{ {'mail'} }" /> | |
| --> | |
| </util:list> | |
| <!-- SAML 1 NameIdentifier Generation --> | |
| <util:list id="shibboleth.SAML1NameIdentifierGenerators"> | |
| <ref bean="shibboleth.SAML1TransientGenerator" /> | |
| <!-- | |
| <bean parent="shibboleth.SAML1AttributeSourcedGenerator" | |
| p:omitQualifiers="true" | |
| p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" | |
| p:attributeSourceIds="#{ {'mail'} }" /> | |
| --> | |
| </util:list> | |
| </beans> |