What is the purpose of SAML 2 Subject Name Identifier?

single-sign-on saml saml-2.0 shibboleth
danludwig picture danludwig · Apr 14, 2012 · Viewed 13.4k times · Source

When doing authn against a SAML 2 IdP, what does the Subject Name Identifier supposed to be for? Does it track each user login?

I'm wondering if my SAML 2 service provider application should track these for different users. Since they are transient, they can be different for different logins (so I would need to track using a collection hanging off the user account).

Answer

user404345 picture user404345 · Apr 19, 2012

The <NameIdentifier> element is a SAML 1.1 concept. It has been superseded by the <NameID> element which identifies the subject. NameID is not necessarily transient - see section 8.3 of the SAML 2.0 core specification

Related questions

What is exactly RelayState parameter used in SSO (Ex. SAML)?

I am trying to understand SSO using SAML. I have come across the RelayState parameter and am very confused exactly why it comes first in SSO to send encoded URLs? What exactly does it mean? Please read the following from …

Read More
What is the correct format for SAML 2.0 Assertions?

We have a customer trying to use ADFS to SSO on to our web application. We are using the ComponentSpace SAML 2.0 library. The assertion being sent to us looks like: <Assertion ID="_b8a24809-ab6b-4acd-ad6a-8bcb97…

Read More
SimpleSamlPhp as SP redirects incorrectly

I have a SimpleSamlPHP implementation working as a Service Provider, so the workflow is as follows: IdP sends assertion to my ACS URL: /simplesaml/module.php/saml/sp/saml2-acs.php/default-sp but then it looks like he authenticates and …

Read More