The various ManageNameID (MNI) JSPs provide a way to change account identifiers or terminate mappings between identity provider accounts and service provider accounts. For example, after establishing a name identifier for use when referring to a principal, the identity provider may want to change its value and/or format. Additionally, an identity provider might want to indicate that a name identifier will no longer be used to refer to the principal. The identity provider will notify service providers of the change by sending them a ManageNameIDRequest. A service provider also uses this message type to register or change the SPProvidedID value (included when the underlying name identifier is used to communicate with it) or to terminate the use of a name identifier between itself and the identity provider.
idpMNIRequestInit.jsp initiates the ManageNameIDRequest at the identity provider by user request. The endpoint for this JSP is protocol://host:port/service-deploy-uri/IDPMniInit. It takes the following required parameters:
metaAlias: The value of the metaAlias property set in the identity provider's extended metadata configuration file. If the metaAlias attribute is not present, an error is returned.
spEntityID: The entity identifier of the service provider to which the response is sent.
requestType: The type of ManageNameIDRequest. Accepted values include Terminate and NewID.
NewID is not supported in this release.
Some of the other optional parameters are:
binding: A URI specifying the protocol binding to use for the <Request>. The supported values are:
urn:oasis:names:tc:SAML:2.0:bindings:SOAP
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
RelayState: The target URL of the request.
idpMNIRedirect.jsp processes the ManageNameIDRequest and the ManageNameIDResponse received from the service provider using HTTP-Redirect. The endpoint for this JSP is protocol://host:port/service-deploy-uri/IDPMniRedirect. It takes the following required parameters:
SAMLRequest: The ManageNameIDRequest from the service provider.
SAMLResponse: The ManageNameIDResponse from the service provider.
Optionally, it can also take the RelayState parameter, which specifies the target URL of the request.
spMNIRequestInit.jsp initiates the ManageNameIDRequest at the service provider by user request. The endpoint for this JSP is protocol://host:port/service-deploy-uri/SPMniInit. It takes the following required parameters:
metaAlias: This parameter takes as a value the metaAlias set in the identity provider's extended metadata configuration file. If the metaAlias attribute is not present, an error is returned.
idpEntityID: The entity identifier of the identity provider to which the request is sent.
requestType: The type of ManageNameIDRequest. Accepted values include Terminate and NewID.
NewID is not supported in this release.
Some of the other optional parameters are:
binding: A URI specifying the protocol binding to use for the Request. The supported values are:
urn:oasis:names:tc:SAML:2.0:bindings:SOAP
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
RelayState: The target URL of the request.
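The following added example (not part of the product documentation or its code) builds the request URL for idpMNIRequestInit.jsp or spMNIRequestInit.jsp and rejects parameter values the descriptions above rule out before anything is sent. The function name, the role argument, the host names and the allowed_relay_hosts allow-list for RelayState targets are assumptions made for this example.

```python
from urllib.parse import urlencode, urlsplit

# Endpoint name and remote-entity parameter for each init JSP, as documented above.
INIT_ENDPOINTS = {"idp": ("IDPMniInit", "spEntityID"),
                  "sp": ("SPMniInit", "idpEntityID")}
SUPPORTED_BINDINGS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:SOAP",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
}
SUPPORTED_REQUEST_TYPES = {"Terminate"}  # NewID is not supported in this release


def build_mni_init_url(base_url, role, meta_alias, remote_entity_id,
                       request_type="Terminate", binding=None,
                       relay_state=None, allowed_relay_hosts=()):
    """Return the init URL; raise ValueError on any invalid parameter.

    base_url is protocol://host:port/service-deploy-uri. allowed_relay_hosts
    is a local policy assumed for this example, not a product setting.
    """
    if role not in INIT_ENDPOINTS:
        raise ValueError("role must be 'idp' or 'sp'")
    endpoint, entity_param = INIT_ENDPOINTS[role]
    if not meta_alias:
        raise ValueError("metaAlias is required")
    if not remote_entity_id:
        raise ValueError(entity_param + " is required")
    if request_type not in SUPPORTED_REQUEST_TYPES:
        raise ValueError("unsupported requestType: %r" % (request_type,))
    params = [("metaAlias", meta_alias), (entity_param, remote_entity_id),
              ("requestType", request_type)]
    if binding is not None:
        if binding not in SUPPORTED_BINDINGS:
            raise ValueError("unsupported binding: %r" % (binding,))
        params.append(("binding", binding))
    if relay_state is not None:
        # Only pass on an https target whose host is on the local allow-list.
        target = urlsplit(relay_state)
        if target.scheme != "https" or target.hostname not in allowed_relay_hosts:
            raise ValueError("RelayState target not allowed: %r" % (relay_state,))
        params.append(("RelayState", relay_state))
    return base_url.rstrip("/") + "/" + endpoint + "?" + urlencode(params)


if __name__ == "__main__":
    # Constructed sample values.
    print(build_mni_init_url("https://idp.example.com:8443/sso", "idp", "/idp",
                             "https://sp.example.com/sp"))
```
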
spMNIRedirect.jsp processes the ManageNameIDRequest and the <ManageNameIDResponse> received from the identity provider using HTTP-Redirect. The endpoint for this JSP is protocol://host:port/service-deploy-uri/SPMniRedirect. It takes the following required parameters:
SAMLRequest: The ManageNameIDRequest from the identity provider.
SAMLResponse: The ManageNameIDResponse from the identity provider.
Optionally, it can also take the RelayState parameter, which specifies the target URL of the request.