...

  • urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
    A persistent NameID contains a unique string identifying the user for this SP and persisting over multiple sessions.
  • urn:oasis:names:tc:SAML:2.0:nameid-format:transient
    A transient NameID contains a unique string identifying the user for this SP during the session. If the user logs in again, a new transient identifier will be generated.

...


Warning

Although the NameID and eduPersonTargetedID are least likely to change and most privacy-aware, they can change in some cases, causing user profiles for services to be lost. The NameID, as used in the SAML assertion to a service provider when logging on, is generated from the uid, the schacHomeOrganisation and the Entity ID of the service provider, together with a secret, using a SHA algorithm.

...

Institutions or services that are in production and

...

change one of these attributes,

...

will cause a new NameID and eduPersonTargetedID to be generated by SURFconext when doing so. This can cause loss of access to profiles at services. We will discuss this with identity providers and service providers when we see a change in one of these attributes.
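The dependency described in this warning can be checked before an attribute change is rolled out. The following is an added example, not SURFconext's own code: it assumes HMAC-SHA256 over length-prefixed fields (the page only says "a SHA algorithm"), and the function names, secret, uids and entity IDs are constructed for illustration.

```python
import hashlib
import hmac

# Constructed placeholder; a real deployment keeps its secret private.
SECRET = b"constructed-demo-secret"


def persistent_name_id(uid, home_org, sp_entity_id, secret=SECRET):
    """Derive a stable, SP-specific identifier from the inputs named in the warning.

    Assumption: HMAC-SHA256 over length-prefixed fields. The page does not
    specify the construction, so this is not SURFconext's actual algorithm.
    """
    # Length prefixes keep ("ab", "c") and ("a", "bc") from hashing alike.
    msg = b"".join(
        len(part).to_bytes(4, "big") + part
        for part in (f.encode("utf-8") for f in (uid, home_org, sp_entity_id))
    )
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def affected_sps(old, new, sp_entity_ids):
    """Return the SPs where an attribute change would yield a new NameID,
    i.e. where the user's existing profile would no longer be matched."""
    return [
        sp for sp in sp_entity_ids
        if persistent_name_id(old["uid"], old["sho"], sp)
        != persistent_name_id(new["uid"], new["sho"], sp)
    ]


# Constructed sample data ("sho" stands for schacHomeOrganisation).
SPS = ["https://sp-a.example.org/metadata", "https://sp-b.example.org/metadata"]
BEFORE = {"uid": "jdoe", "sho": "university.example"}
AFTER_UID_CHANGE = {"uid": "j.doe", "sho": "university.example"}

if __name__ == "__main__":
    for sp in SPS:
        # Same user, different SP: different identifier, so SPs cannot correlate.
        print(sp, persistent_name_id(BEFORE["uid"], BEFORE["sho"], sp))
    # Changing the uid invalidates the identifier at every SP.
    print("profiles at risk:", affected_sps(BEFORE, AFTER_UID_CHANGE, SPS))
```

Because every input feeds the hash, a changed uid, schacHomeOrganisation or service provider Entity ID each produces an unrelated identifier, which is why existing profiles stop matching.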


Attribute schemas

A schema is an abstract representation of an object's characteristics and relationship to other objects.

...