What is the purpose of SAML 2 Subject Name Identifier?

danludwig · Apr 14, 2012 · Viewed 13.4k times

When doing authn against a SAML 2 IdP, what is the Subject Name Identifier supposed to be for? Does it track each user login?

I'm wondering if my SAML 2 service provider application should track these for different users. Since they are transient, they can be different for different logins (so I would need to track using a collection hanging off the user account).

Answer

user404345 · Apr 19, 2012

The <NameIdentifier> element is a SAML 1.1 concept. It has been superseded by the <NameID> element, which identifies the subject. NameID is not necessarily transient - see section 8.3 of the SAML 2.0 core specification.
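
An added example, not part of the original answer: one way a service provider could branch on the NameID Format attribute to decide whether the value can key a local account or is only good for the current session. The function names, the sample issuer URL and the sample assertions are constructed for illustration, and the code assumes the assertion's signature and conditions were already validated.

```python
import xml.etree.ElementTree as ET  # use a hardened parser (e.g. defusedxml) for untrusted input

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Format URIs from section 8.3 of the SAML 2.0 core specification
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"


def account_key(assertion_xml):
    """Return a stable (qualifier, format, value) key for account linking,
    or None when the NameID is transient and must not be stored on the account.

    Assumption: signature and conditions were verified before this call.
    """
    root = ET.fromstring(assertion_xml)
    issuer = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
    name_id = root.find("saml:Subject/saml:NameID", NS)
    value = (name_id.text or "").strip() if name_id is not None else ""
    if not issuer or not value:
        raise ValueError("assertion lacks Issuer or NameID")

    fmt = name_id.get("Format", UNSPECIFIED)
    if fmt == TRANSIENT:
        # Differs on every login: keep it with the session only.
        return None
    # Scope the identifier to the IdP so equal values from two IdPs never collide.
    qualifier = name_id.get("NameQualifier") or issuer
    return (qualifier, fmt, value)


def sample_assertion(fmt, value):
    """Constructed, unsigned sample assertion for the demonstration below."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_a1" Version="2.0" IssueInstant="2012-04-19T00:00:00Z">'
        "<saml:Issuer>https://idp.example.org/metadata</saml:Issuer>"
        '<saml:Subject><saml:NameID Format="%s">%s</saml:NameID></saml:Subject>'
        "</saml:Assertion>" % (fmt, value)
    )


if __name__ == "__main__":
    print(account_key(sample_assertion(TRANSIENT, "_f3a9c1")))
    print(account_key(sample_assertion(PERSISTENT, "b7d2e4")))
```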