###### Configuration changes #########
# Current Version: 1.15.x             #
# Previous Version: 1.14.x            #
######################################

Shibboleth Configuration
========================

* Update Shibboleth configuration, changed REMOTE_USER id. Overwrite old shibboleth2.xml and attribute-map.xml with new one.

Shibboleth Configuration
========================
in /etc/shibboleth/attribute-map.xml
change
    <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id">
        <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$Name" defaultQualifiers="true"/>
    </Attribute>

into
    <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" id="name-id">
        <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$Name" defaultQualifiers="true"/>
    </Attribute>

and add:

  <!-- License Info attribute map -->
    <Attribute name="urn:nl.surfconext.licenseInfo" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" id="licenseInfo" />


in shibboleth2.xml

change

    <ApplicationDefaults entityID="https://portal.XXXX.surfconext.nl/shibboleth"
                         REMOTE_USER="persistent-id"
                         signing="true" encryption="true">
into

    <ApplicationDefaults entityID="https://portal.XXXX.surfconext.nl/shibboleth"
                         REMOTE_USER="name-id"
                         signing="true" encryption="true">

in shibboleth2.xml

Add NameIDFormat to SessionInitiator in order to ask for a specific NameIDFormat from EngineBlock