Custom NameID (High Level API)

Hi there

Is it possible to specify a custom Subject NameID source attribute specified in the saml.config file?

For example, say I have both a Username and an Email attribute. PartnerServiceProvider A wants Email, whereas PartnerServiceProvider B wants Username. Is it possible to specify which Attribute is used for the Subject NameID?

Cheers Peter

Hi Peter
The subject name ID is set through the SAML API rather than through the configuration. The userName parameter to the SAMLIdentityProvider.InitiateSSO and SAMLIdentityProvider.SendSSO API methods is used to set the subject name ID in the SAML assertion. In your code use the appropriate value (user name, email address, etc.) for the parameter depending on the partner service provider requirement.

Thanks for the reply. I had a feeling that would be the case.

I suspect the best way to deliver what I need would be to configure it programmatically, from a DB or similar.

Unless there’s a way of extending the saml.config schema…?

The SAML configuration corresponds roughly to SAML metadata. In other words, it’s configuration associated with the SAML protocols etc. Mapping a user name or email address to the SAML NameID is considered application specific and something better handled within your application. For example, your application probably already looks up user information in Active Directory or a database as part of local login of the user. It makes more sense for your application to look up any additional information and map this to the NameID. Adding this support into the SAML configuration is probably adding too much complexity to it.
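An added example, not part of the original thread and not ComponentSpace code: one way to do the per-partner mapping in the application, so that the string passed as the userName parameter is chosen by partner service provider. The `AppUser` and `NameIdResolver` types and the partner names are hypothetical; the mapping is hard-coded here but could equally be loaded from a database.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical application-side user record, e.g. loaded from AD or a database.
public sealed class AppUser
{
    public string Username { get; set; }
    public string Email { get; set; }
}

public static class NameIdResolver
{
    // Constructed partner names; use the names your partner SPs are configured under.
    private static readonly Dictionary<string, Func<AppUser, string>> Sources =
        new Dictionary<string, Func<AppUser, string>>(StringComparer.Ordinal)
        {
            { "https://sp-a.example", u => u.Email },    // partner A wants Email
            { "https://sp-b.example", u => u.Username }, // partner B wants Username
        };

    public static string Resolve(string partnerSP, AppUser user)
    {
        if (user == null) throw new ArgumentNullException(nameof(user));

        // Fail closed: a partner with no explicit mapping gets no assertion,
        // rather than silently falling back to some default attribute.
        if (partnerSP == null || !Sources.TryGetValue(partnerSP, out var selector))
            throw new InvalidOperationException("No NameID mapping for partner: " + partnerSP);

        string nameId = selector(user);

        // Never issue an assertion whose subject is empty.
        if (string.IsNullOrWhiteSpace(nameId))
            throw new InvalidOperationException("User has no value for the NameID attribute of " + partnerSP);

        return nameId;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample user.
        var user = new AppUser { Username = "peter", Email = "peter@example.com" };
        Console.WriteLine(NameIdResolver.Resolve("https://sp-a.example", user));
        Console.WriteLine(NameIdResolver.Resolve("https://sp-b.example", user));
    }
}
```

The string returned by `Resolve` is what the application passes as the userName parameter of SAMLIdentityProvider.InitiateSSO or SAMLIdentityProvider.SendSSO.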