1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
`saml:NameIDAttribute`
======================
Filter that extracts the NameID we received in the authentication response and adds it as an attribute.
Parameters
----------
`attribute`
: The name of the attribute we should create.
The default is `nameid`.
`format`
: The format string for the attribute.
The default is `%I!%S!%V`.
: The format string accepts the following replacements:
* `%I`: The IdP that issued the NameID.
This will be the `NameQualifier` element of the NameID if it is present, or the entity ID of the IdP we received the response from if not.
* `%S`: The SP the NameID was issued to.
This will be the `SPNameQualifier` element of the NameID if it is present, or the entity ID of this SP otherwise.
* `%V`: The value of the NameID.
* `%F`: The format of the NameID.
* `%%`: Will be replaced with a single `%`.
Examples
--------
Minimal configuration:
'default-sp' => array(
'saml:SP',
'authproc' => array(
20 => 'saml:NameIDAttribute',
),
),
Custom attribute name:
'default-sp' => array(
'saml:SP',
'authproc' => array(
20 => array(
'class' => 'saml:NameIDAttribute',
'attribute' => 'someattributename',
),
),
),
Only extract the value of the NameID.
'default-sp' => array(
'saml:SP',
'authproc' => array(
20 => array(
'class' => 'saml:NameIDAttribute',
'format' => '%V',
),
),
),
See also
--------
* [The description of the `saml:SP` authentication source.](./saml:sp)
* [How to generate various NameIDs on the IdP.](./saml:nameid)
|
