saml:SubjectID

Filter to insert a subject-id that complies with the SAML V2.0 Subject Identifier Attributes Profile.

This filter takes an attribute and a scope as input and transforms them into a scoped identifier that is globally unique for a given user.

Note: If privacy is a concern, you may want to hash the unique part of the subject-id. Hashing also ensures that the output is compliant with the specification. If you do not want to hash the unique part, you have to ensure that the identifyingAttribute always contains a value that is in line with the specification!

If you are also worried about correlation of IDs between different SPs, use the PairwiseID-filter instead.

Note: Since the subject-id is specified as a single-value attribute, only the first values of identifyingAttribute and scopeAttribute are considered.

Examples

    'authproc' => [
        50 => [
            'class' => 'saml:SubjectID',
            'identifyingAttribute' => 'uid',
            'scopeAttribute' => 'scope',
            'hashed' => true,
        ],
    ],
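
To see why an unhashed identifyingAttribute needs checking, the following added example (not SimpleSAMLphp's own code) tests candidate values against the value syntax of the Subject Identifier Attributes Profile. The helper names and sample values are hypothetical, and hashing is modelled as a plain SHA-256 hex digest, which is an assumption and not a statement of how the filter derives its hash.

```php
<?php
declare(strict_types=1);

// Value syntax from the SAML V2.0 Subject Identifier Attributes Profile:
//   uniqueID: 1-127 chars, alphanumeric first, then alphanumerics, "=" or "-"
//   scope:    1-127 chars, alphanumeric first, then alphanumerics, "-" or "."
const SUBJECT_ID_PATTERN =
    '/\A[a-z0-9][a-z0-9=-]{0,126}@[a-z0-9][a-z0-9.-]{0,126}\z/i';

/**
 * Hypothetical helper: build a subject-id candidate from a user value and scope.
 * Assumption: "hashed" is modelled here as a SHA-256 hex digest of the value.
 */
function buildSubjectId(string $identifier, string $scope, bool $hashed): string
{
    $unique = $hashed ? hash('sha256', $identifier) : $identifier;
    return strtolower($unique . '@' . $scope);
}

/** Hypothetical helper: true if the value matches the profile's syntax. */
function isValidSubjectId(string $value): bool
{
    return preg_match(SUBJECT_ID_PATTERN, $value) === 1;
}

/** Shorten long strings so the report stays readable. */
function shorten(string $s, int $max): string
{
    return strlen($s) > $max ? substr($s, 0, $max - 3) . '...' : $s;
}

// Constructed sample values for identifyingAttribute (not from the page).
$samples = ['jdoe', 'jane.doe', 'jane_doe', 'jdoe@example.org', str_repeat('a', 128)];
$scope = 'example.org'; // constructed scope value

foreach ($samples as $uid) {
    foreach ([false, true] as $hashed) {
        $value = buildSubjectId($uid, $scope, $hashed);
        printf(
            "%-20s hashed=%-5s valid=%-3s %s\n",
            shorten($uid, 20),
            $hashed ? 'true' : 'false',
            isValidSubjectId($value) ? 'yes' : 'no',
            shorten($value, 40)
        );
    }
}
```

Of the unhashed samples only `jdoe` passes: the dot, underscore, embedded `@` and 128-character value all violate the unique-part syntax, while every hashed variant is 64 hexadecimal characters and passes.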