Hi everyone,
I'm having some issues with correctly passing the eduPersonTargetedID attribute from my IDP.
I'm currently sending this in my attribute statement which is mostly fine, but the NameQualifier is missing:
    <saml:Attribute
        Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>
        <saml:NameID
            SPNameQualifier="https://test.sp.com/example/metadata.php">5bbda3fc09e58ca66f48fb0d6269338911bdf178</saml:NameID>
      </saml:AttributeValue>
    </saml:Attribute>
The responsible AuthProc filter is configured in the following way ATM:
    13 => array(
        'class' => 'saml:PersistentNameID2TargetedID',
        'attribute' => 'eduPersonTargetedID',
        'nameId' => TRUE,
    ),
I've tried different classes to generate the attribute (like core:TargetedID). The rest of the relevant configuration on my IDP is the following:
    'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
    'attributeencodings' => array(
        'urn:oid:1.3.6.1.4.1.5923.1.1.1.10' => 'raw',
    ),
    'userid.attribute' => 'objectGUID',
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
I've tried setting the NameQualifier in the AuthProc filter to a constant string, but the attribute is still refusing to turn up.
Has anyone had similar experiences, or does anyone see some obvious mistake I made?
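
Added example, not part of the original post and not SimpleSAMLphp code: a small Python check that can be run against a captured attribute statement after each configuration change to confirm which qualifiers the eduPersonTargetedID NameID actually carries. The function name, the wrapper element around the sample, and the assumption that the SP expects both NameQualifier and SPNameQualifier are mine.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
EPTID_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
# Assumption: the receiving SP expects both qualifiers on the NameID.
EXPECTED = ("NameQualifier", "SPNameQualifier")

# Constructed sample: the attribute from the post, wrapped in an
# AttributeStatement so that the saml: prefix is declared.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
    <saml:AttributeValue>
      <saml:NameID SPNameQualifier="https://test.sp.com/example/metadata.php">5bbda3fc09e58ca66f48fb0d6269338911bdf178</saml:NameID>
    </saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def check_eptid(xml_text, expected=EXPECTED):
    """Return a list of findings; an empty list means every value passed.

    Only feed this XML captured from your own IdP: ElementTree is not
    hardened against hostile documents.
    """
    root = ET.fromstring(xml_text)
    attrs = [a for a in root.iter("{%s}Attribute" % SAML_NS)
             if a.get("Name") == EPTID_OID]
    if not attrs:
        return ["attribute %s not present" % EPTID_OID]
    findings = []
    for attr in attrs:
        for i, value in enumerate(attr.findall("saml:AttributeValue", NS)):
            name_id = value.find("saml:NameID", NS)
            if name_id is None:
                # The value was released as a bare string, not a NameID.
                findings.append("value %d: plain string, not a NameID element" % i)
                continue
            if not (name_id.text or "").strip():
                findings.append("value %d: empty NameID" % i)
            for qualifier in expected:
                if not name_id.get(qualifier):
                    findings.append("value %d: %s missing" % (i, qualifier))
    return findings


if __name__ == "__main__":
    for finding in check_eptid(SAMPLE):
        print(finding)
```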