What are the different NameID formats used for?

被撕碎了的回忆 2020-12-08 09:10

In a SAML metadata file there are several NameID formats defined, for example:

urn:mace:shibboleth:1.0:nameIdentifier

         


        
4 answers
  •  攒了一身酷
    2020-12-08 10:09

    It is just a hint for the Service Provider on what to expect from the NameID returned by the Identity Provider. It can be:

    1. unspecified
    2. emailAddress – e.g. john@company.com
    3. X509SubjectName – e.g. CN=john,O=Company Ltd.,C=US
    4. WindowsDomainQualifiedName – e.g. CompanyDomain\John
    5. kerberos – e.g. john@realm
    6. entity – this one is used to identify entities that provide SAML-based services and looks like a URI
    7. persistent – this is an opaque service-specific identifier which must include a pseudo-random value and must not be traceable to the actual user, so this is a privacy feature.
    8. transient – opaque identifier which should be treated as temporary.
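
Added example, not part of the original answer: a Service Provider-side check that a received NameID uses a format declared in its metadata, that the value has the shape that format implies, and that a transient identifier is never used as a stable account key. The function names, the `sp.example.test` entity and the metadata fragment are constructed for illustration, and the regular expressions are rough shape checks, not full grammars.

```python
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
F1 = "urn:oasis:names:tc:SAML:1.1:nameid-format:"
F2 = "urn:oasis:names:tc:SAML:2.0:nameid-format:"

# Rough shape checks for formats whose value has a recognisable syntax.
# unspecified, persistent and transient are opaque, so they have no entry.
SHAPE = {
    F1 + "emailAddress": re.compile(r"[^@\s]+@[^@\s]+"),
    F1 + "X509SubjectName": re.compile(r"\w+=.+"),
    F1 + "WindowsDomainQualifiedName": re.compile(r"([^\\]+\\)?[^\\]+"),
    F2 + "kerberos": re.compile(r"[^@\s]+@[^@\s]+"),
    F2 + "entity": re.compile(r"[A-Za-z][A-Za-z0-9+.-]*:\S+"),
}
UNSTABLE = {F2 + "transient"}  # temporary: never a long-lived account key

# Constructed SP metadata fragment (sample input, not from the page).
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.test">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>{F1}emailAddress</md:NameIDFormat>
    <md:NameIDFormat>{F2}transient</md:NameIDFormat>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def declared_formats(metadata_xml):
    """List the NameIDFormat URIs the metadata advertises."""
    # Real deployments use a hardened XML parser and verify signatures first.
    root = ET.fromstring(metadata_xml)
    return [e.text.strip() for e in root.iter(f"{{{MD}}}NameIDFormat")]

def check_name_id(name_id_xml, metadata_xml):
    """Return (ok, reason, usable_as_stable_key) for one NameID element."""
    el = ET.fromstring(name_id_xml)
    # Assumption of this example: a missing Format means "unspecified".
    fmt = el.get("Format", F1 + "unspecified")
    value = (el.text or "").strip()
    if fmt not in declared_formats(metadata_xml):
        return (False, "format not declared in metadata", False)
    shape = SHAPE.get(fmt)
    if not value or (shape and not shape.fullmatch(value)):
        return (False, "value does not match declared format", False)
    return (True, "ok", fmt not in UNSTABLE)
```
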
