What is the purpose of SAML 2 Subject Name Identifier?


Name Identifier contains several attributes.

The first attribute is NameQualifier, which specifies the security domain of the user at the IDP. The security domain is useful to disambiguate different users who use the same name identifier.

The second attribute is SPNameQualifier, which specifies the security domain of the user at the SP.

The third attribute is Format, which specifies how the name identifier should be interpreted.

For example, the Email Address name identifier format is used when the user wants to use the same name identifier at the IDP and the SP. This means that if the user logs in as [email protected] at the IDP, the user is also logged in as [email protected] at the SP.

As another example, the Persistent Identifier format is used when the user does not want to use the same name identifier at the IDP and the SP. This means that a user can log in as [email protected] at the IDP but log in as [email protected] at the SP. This is achieved by using an identifier, such as 12345, agreed on by the IDP and SP, which is mapped to [email protected] at the IDP and mapped to [email protected] at the SP. A Persistent Identifier is useful when you do not want the SP to know the user's name identifier at the IDP.
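As an added example (not code from the answer or from any SAML library), here is how an SP would consume the three NameID attributes the answer describes: it parses the NameID, refuses to persist transient identifiers (they change on every login), and keeps both qualifiers in the stored key so the same string issued by two different IdPs cannot collide. The entity URLs and the value 12345 are constructed sample data; the format URIs are the standard SAML ones.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
FMT_PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
FMT_TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
FMT_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
FMT_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample: a persistent NameID as the answer describes ("12345").
SAMPLE_SUBJECT = """<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
      NameQualifier="https://idp.example.org"
      SPNameQualifier="https://sp.example.com">12345</saml:NameID>
</saml:Subject>"""

@dataclass(frozen=True)
class NameId:
    value: str
    fmt: str
    name_qualifier: Optional[str]
    sp_name_qualifier: Optional[str]

def parse_name_id(subject_xml: str) -> NameId:
    """Pull the NameID and its three attributes out of a <saml:Subject>.
    Run only after the enclosing assertion's signature has been verified."""
    nid = ET.fromstring(subject_xml).find(".//saml:NameID", SAML_NS)
    if nid is None or not (nid.text or "").strip():
        raise ValueError("Subject carries no usable NameID")
    return NameId(nid.text.strip(), nid.get("Format", FMT_UNSPECIFIED),
                  nid.get("NameQualifier"), nid.get("SPNameQualifier"))

def account_key(nid: NameId, issuer: str, sp_entity_id: str) -> Optional[tuple]:
    """Key under which the SP may store the link to a local account.
    Transient identifiers change on every login, so they return None and
    are never persisted. Missing qualifiers default to the asserting IdP
    and this SP, and both stay in the key so two IdPs that happen to issue
    the same string never map to the same local account."""
    if nid.fmt == FMT_TRANSIENT:
        return None
    return (nid.fmt, nid.name_qualifier or issuer,
            nid.sp_name_qualifier or sp_entity_id, nid.value)

if __name__ == "__main__":
    nid = parse_name_id(SAMPLE_SUBJECT)
    print(account_key(nid, "https://idp.example.org", "https://sp.example.com"))
```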


Updated on June 09, 2022

Comments

  • danludwig, almost 2 years ago

    When doing authn against a SAML 2 IdP, what is the Subject Name Identifier supposed to be for? Does it track each user login?

    I'm wondering if my SAML 2 service provider application should track these for different users. Since they are transient, they can be different for different logins (so I would need to track using a collection hanging off the user account).