The UserID field is the SAML subject name identifier from the SAML assertion. It's the primary user identity information and, in theory, should uniquely identify the user.
What's returned in the SAML subject and any SAML attributes is controlled by the identity provider. However, typically the service provider negotiates with the identity provider what information should be returned as the SAML subject and SAML attributes.
A commonly used value for the SAML subject is the user's email address.
However, anything can be used that makes sense to the identity provider and service provider.
If you did decide on something like the user's email address, ideally you would ask all identity providers to return this as the SAML subject.
If you picked some other user attribute that isn't common across all identity providers, you might need to do a little more work in your application to handle the different types of user identity information from the different identity providers.
Regards ComponentSpace Development
|