Tags: java, saml-2.0, spring-saml, shibboleth

How to identify a user from SAML Response?


I have implemented Single Sign On to access my SP application. It uses a Shibboleth server as Identity Provider. After I log in to the IdP system I receive a SAML response from the IdP which contains a SAML Assertion, but I don't know how to identify this user in my app. The SAML assertion contains this data:

> The following attributes were provided by your identity provider:
>
>   • NameID (urn:oasis:names:tc:SAML:2.0:nameid-format:transient): AAdzZWNyZXQxlKzPy2zEKyk/rEaN2jVTXi6mEvaFbOzXwkMNEZMB+TkQcmWW4LZT70hx3cAVEyrBSdXkT2glVkPGuncVMe5PfFipJjVAGE7jdRGsFef6CqzDArE9Olw/1EhkIA/S3hu9IpiU
>   • urn:oid:1.3.6.1.4.1.5923.1.1.1.9: affiliate@test.ukfederation.org.uk
>   • urn:oid:1.3.6.1.4.1.5923.1.1.1.1: affiliate
>   • urn:oid:1.3.6.1.4.1.5923.1.1.1.10: i8mqNNzYfweNDzGr/PafYaMzWko=
>   • urn:oid:1.3.6.1.4.1.5923.1.1.1.6: alice@test.ukfederation.org.uk

I was trying to use the NameID to match users in my system with users in the IdP, but this value changes after each login.

For example: Google Suite uses urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress as the name identifier and it is possible to find the user using the email address, but in this case I am stuck. Which is the best way to do this? Should I use attributes?


Solution

  • This uses the Object Identifier (OID) format.

    e.g. 1.3.6.1.4.1.5923.1.1.1.6 is eduPersonPrincipalName.

    Refer to this.
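An added example, not the asker's Spring SAML code nor the answerer's, in Python with only the standard library: it reads the OID-named attributes out of an assertion and picks a stable identifier to look the user up by, refusing a transient NameID because it changes on every login. The assertion XML, its ID and its values are constructed for the example; signature verification is assumed to have happened before this step.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
# Stable per-person attributes from the question, most preferred first.
STABLE_IDENTIFIERS = [
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",   # eduPersonPrincipalName
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10",  # eduPersonTargetedID
]

# Constructed sample assertion (not the question's); Signature and Conditions omitted.
SAMPLE_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">AAdzZWNyZXQx</saml2:NameID>
  </saml2:Subject>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1">
      <saml2:AttributeValue>affiliate</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
      <saml2:AttributeValue>alice@test.ukfederation.org.uk</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""

def attributes_by_name(assertion_xml):
    """Map each Attribute Name (here an OID URN) to its list of values."""
    root = ET.fromstring(assertion_xml)
    result = {}
    for attr in root.findall(".//saml2:AttributeStatement/saml2:Attribute", NS):
        for av in attr.findall("saml2:AttributeValue", NS):
            # eduPersonTargetedID carries a nested NameID instead of plain text
            nested = av.find("saml2:NameID", NS)
            text = nested.text if nested is not None else av.text
            result.setdefault(attr.get("Name"), []).append((text or "").strip())
    return result

def user_key(assertion_xml):
    """Return (source, value) to look the user up by; never a transient NameID."""
    attrs = attributes_by_name(assertion_xml)
    for name in STABLE_IDENTIFIERS:
        if attrs.get(name):
            return name, attrs[name][0]
    name_id = ET.fromstring(assertion_xml).find("saml2:Subject/saml2:NameID", NS)
    if name_id is not None and name_id.get("Format") != TRANSIENT:
        return name_id.get("Format"), (name_id.text or "").strip()
    raise ValueError("no stable identifier released; ask the IdP for eduPersonPrincipalName")
```

Store the returned (source, value) pair on the local account, so a later switch from one identifier to another is visible rather than silently matching a different user.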