I am just learning Shibboleth SP and I have run into an issue where I cannot read the NameID from the SAML Response I receive from our corporate IdP. The only "attribute" they have configured for me is the NameID which holds the username in our AD. They do not add it as an attribute, but rather in the subject. Below is the portion of the SAML response containing the NameID.

    <Subject>
        <NameID>XXXXXX</NameID>
        <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
            <SubjectConfirmationData InResponseTo="_cbedab7210959e0d00294c557c648eb5"
                                     NotOnOrAfter="2017-05-18T21:15:24.776Z"
                                     Recipient="https://xxxxxx.com/Shibboleth.sso/SAML2/POST"/>
        </SubjectConfirmation>
    </Subject>

How can I extract this simple value? I have not found an example entry in the attribute-map.xml that seems to fit the bill.
I am using IIS 8.5 and ColdFusion.
I finally got the attribute to map using the following. In my case, I had replaced SAML:1.1 with SAML2. I assume the NameID is part of the SAML:1.1 spec.

    <Attribute name="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" id="NameID">
        <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$Name" defaultQualifiers="true"/>
    </Attribute>
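
An added example, not part of the original post and not Shibboleth's own code: in SAML 2.0 a NameID with no Format attribute is treated as `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`, and the attribute-map.xml entry's `name` has to equal that Format for the mapping to apply. The sketch below models that lookup as a plain string match (an assumption about the SP's behaviour); the username `jdoe`, the `WrongID` entry and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
AMAP = "urn:mace:shibboleth:2.0:attribute-map"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
# SAML 2.0 Core default when Format is absent; the URI keeps its SAML:1.1 prefix.
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample input, modelled on the Subject in the question.
SUBJECT = f"""<Subject xmlns="{SAML}">
  <NameID>jdoe</NameID>
</Subject>"""

# Constructed attribute-map.xml: the first entry has a SAML:2.0-prefixed name
# that never matches; the second is the mapping from the answer.
ATTRIBUTE_MAP = f"""<Attributes xmlns="{AMAP}" xmlns:xsi="{XSI}">
  <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" id="WrongID">
    <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$Name" defaultQualifiers="true"/>
  </Attribute>
  <Attribute name="{UNSPECIFIED}" id="NameID">
    <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$Name" defaultQualifiers="true"/>
  </Attribute>
</Attributes>"""


def effective_format(subject_xml):
    """Return (format, value) for the Subject's NameID, applying the default."""
    name_id = ET.fromstring(subject_xml).find(f"{{{SAML}}}NameID")
    if name_id is None:
        raise ValueError("Subject has no NameID")
    return name_id.get("Format", UNSPECIFIED), (name_id.text or "").strip()


def mapped_ids(subject_xml, map_xml):
    """Map attribute id -> NameID value for entries whose name equals the Format."""
    fmt, value = effective_format(subject_xml)
    hits = {}
    for attr in ET.fromstring(map_xml).iter(f"{{{AMAP}}}Attribute"):
        decoder = attr.find(f"{{{AMAP}}}AttributeDecoder")
        if decoder is None or decoder.get(f"{{{XSI}}}type") != "NameIDAttributeDecoder":
            continue  # not a NameID mapping
        if attr.get("name") == fmt:
            hits[attr.get("id")] = value
    return hits


if __name__ == "__main__":
    print(effective_format(SUBJECT))
    print(mapped_ids(SUBJECT, ATTRIBUTE_MAP))
```

If the IdP later starts sending an explicit Format (for example a persistent or emailAddress format), the entry's `name` has to change to that URI or the attribute will stop being populated.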