Decrypted value of NameID (getAuthData('saml:sp:NameID') -> value)

I would like to retrieve the NameID used by the IDP in clear text, but with the getAuthData function, I get an encrypted value.

How do I do that?

Actually, I can get attributes with:

require_once("pathlin");

$as = new SimpleSAML_Auth_Simple('default-sp');
$attrs = $as->getAttributes();

So I can parse the dictionary and get some attributes.

But now I want to get the NameID. I tried with:

$as->getAuthData("saml:sp:NameID")->value

authsource.php:

$config = [
    'admin' => [
        'core:AdminPassword',
    ],
    'example-userpass' => [
        'exampleauth:UserPass',
        'testuid:testtest' => [
            'uid' => ['testuid'],
        ],
    ],
];

saml20-idp-hosted.php:

$metadata['__DYNAMIC:1__'] = [
    'host' => '__DEFAULT__',

    'privatekey' => 'example.org.pem',
    'certificate' => 'example.org.crt',

    'auth' => 'example-userpass',
    'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
    'authproc' => [
        100 => ['class' => 'core:AttributeMap', 'name2oid'],
    ],
];

config.php (authproc.idp):

'authproc.idp' => [
    1 => [
        'class' => 'saml:TransientNameID',
    ],
    2 => [
        'class' => 'saml:PersistentNameID',
        'attribute' => 'eduPersonPrincipalName',
    ],
    3 => [
        'class' => 'saml:AttributeNameID',
        'attribute' => 'mail',
        'Format' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
    ],
],

So, how do I get 'testuid' via the NameID?

Thank you in advance!

Your IdP is not setting a NameID AND your SP isn't requesting a non-transient NameID. By default SSP will generate a transient NameID, which is just random, not an encrypted value.

To set a NameID in your test IDP you'll need an authproc filter to set the NameID. AttributeNameID will let you set one from your attributes. Lastly, you'll need either your SP to request that nameID in its authn request (see NameID policy) or ensure your SP metadata has the desired nameID format defined (by defining NameIDFormat in your SP authsource and reloading the metadata into the idp).

In the end it is usually much easier to just put the username in an attribute.
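The following configuration ties the answer's two steps together (an IdP authproc filter that derives the NameID from an attribute, and an SP that requests that format) and shows how the SP then reads the value. It is an added example, not code from the question or the answer; it reuses the option names the question uses (`'attribute'`, `'Format'`, which belong to SimpleSAMLphp 1.x), takes the `uid` attribute and `default-sp` name from the question, and uses placeholder entity IDs. The `getNameIdValue` helper and its handling of array-versus-object return values are assumptions about version differences, not a documented API.

```php
<?php
// Added example, not part of the question or answer. Assumes SimpleSAMLphp 1.x
// option names ('attribute', 'Format'); entity IDs are placeholders.

// --- IdP side: metadata/saml20-idp-hosted.php ---
// The test user 'testuid' only has a 'uid' attribute, so that is the only
// attribute saml:AttributeNameID can turn into a NameID. Note the ordering:
// core:AttributeMap with 'name2oid' renames 'uid' to its OID, so the NameID
// filter must run before it (lower priority numbers run first).
$metadata['__DYNAMIC:1__'] = [
    'host'        => '__DEFAULT__',
    'privatekey'  => 'example.org.pem',
    'certificate' => 'example.org.crt',
    'auth'        => 'example-userpass',
    'authproc'    => [
        50 => [
            'class'     => 'saml:AttributeNameID',
            'attribute' => 'uid',
            'Format'    => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        ],
        100 => ['class' => 'core:AttributeMap', 'name2oid'],
    ],
];

// --- SP side: config/authsources.php ---
// The SP has to ask for that format, otherwise the IdP falls back to a
// transient (random) NameID. 'NameIDPolicy' goes into the AuthnRequest;
// 'NameIDFormat' goes into the SP metadata that is imported into the IdP.
$config['default-sp'] = [
    'saml:SP',
    'entityID'     => 'https://sp.example.org/simplesaml',                         // placeholder
    'idp'          => 'https://idp.example.org/simplesaml/saml2/idp/metadata.php', // placeholder
    'NameIDPolicy' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
];

// --- SP application code: read the NameID after authentication ---
// Hypothetical helper. Older releases store 'saml:sp:NameID' as an array,
// newer ones as a \SAML2\XML\saml\NameID object (assumption; check the
// release in use).
function getNameIdValue(SimpleSAML_Auth_Simple $as)
{
    $nameId = $as->getAuthData('saml:sp:NameID');
    if ($nameId === null) {
        throw new RuntimeException('No NameID in the assertion: check the IdP authproc filter and the SP NameIDPolicy');
    }
    if (is_array($nameId)) {
        return $nameId['Value'];
    }
    return method_exists($nameId, 'getValue') ? $nameId->getValue() : $nameId->value;
}

$as = new SimpleSAML_Auth_Simple('default-sp');
$as->requireAuth();
echo getNameIdValue($as); // 'testuid' once the IdP filter and SP policy above are in place
```

Whatever attribute the IdP turns into the NameID becomes the identifier the SP keys its sessions and accounts on, so it should be an attribute the IdP controls and that is unique per user; the SP side can additionally check that the NameID's format is the one it requested before trusting the value.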