The name ID is the common identifier between the SAML 2.0 identity provider and the service provider. By setting the name ID for a user on SAP NetWeaver Application Server (AS) to the same value as a user on the identity provider, you federate the two accounts. By removing the name ID for a user, you defederate the accounts.
|Name ID Format||Editable Sources||Read-Only Sources|
|Kerberos||Mapping in USREXTID table||None|
|Persistent||Mapping in SAML2_PIDFED table||None|
|Mapping in USREXTID table. Multiple entries
with name qualifiers supported.
Name IDs must not include colons (:).
|Windows Name||Mapping in USREXTID table||None|
|X509 Subject Name||None||Mapping in USREXTID table|
The name IDs for formats Kerberos, Windows Name, and X509 Subject Name apply for all trusted providers. The table USREXTID does not include information indicating the trusted provider for which a name ID in these formats was added.
The system uses the same mapping for Unspecified, Transient, and E-mail name ID formats. If you configure a specific mapping for one of the above formats, it will be set for the other formats too.