Can't get NameQualifier attribute to turn up in <saml:NameID> element


Dominik Trupčević

Sep 27, 2016, 10:20:42 AM
to SimpleSAMLphp
Hi everyone,

I'm having some issues with correctly passing the eduPersonTargetedID attribute from my IDP.

I'm currently sending this in my attribute statement which is mostly fine, but the NameQualifier is missing:

        <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml:AttributeValue>
                <saml:NameID SPNameQualifier="https://test.sp.com/example/metadata.php">5bbda3fc09e58ca66f48fb0d6269338911bdf178</saml:NameID>
            </saml:AttributeValue>
        </saml:Attribute>

The responsible AuthProc filter is configured in the following way ATM:

                13 => array(
                        'class'         => 'saml:PersistentNameID2TargetedID',
                        'attribute'     => 'eduPersonTargetedID',
                        'nameId'        => TRUE,
                        'NameQualifier' => 'https://login.uos.ac.uk/saml2/idp/metadata.php',
                ),

I've tried different classes to generate the attribute (like core:TargetedID). The rest of the relevant configuration on my IDP is the following:

        'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
        'attributeencodings'    => array(
                'urn:oid:1.3.6.1.4.1.5923.1.1.1.10' => 'raw',
        ),
        'userid.attribute'      => 'objectGUID',
        'NameIDFormat'          => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',

I've tried setting the NameQualifier in the AuthProc filter to a constant string, but the attribute is still refusing to turn up.

Has anyone had similar experiences or sees some obvious mistake I made?
