eduPersonScopedAffiliation not mapping correctly
Scott Klawitter
sklawitter at ebsco.com
Tue Nov 1 17:00:13 GMT 2011
All,
We are unsuccessfully mapping the "affiliation" attribute from the SIR
(Spain) federation.
The value that we are getting in the end looks like this:
member
We are missing the scope and expecting something like this:
member@cchs.csic.es
These are the default attribute mappings in our attribute-map.xml file
(I can attach the entire file if more is needed):
<Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" id="affiliation">
    <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
</Attribute>
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" id="affiliation">
    <AttributeDecoder xsi:type="ScopedAttributeDecoder" caseSensitive="false"/>
</Attribute>
Here is a snippet of the SAML sent from the Identity Provider:
<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_hidden_for_email"
                InResponseTo="_hidden_for_email"
                Version="2.0"
                IssueInstant="hidden_for_email"
                Destination="https://shibboleth.metapress.com/Shibboleth.sso/SAML2/POST">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://www.rediris.es/sir/csicidp</saml:Issuer>
    <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                          Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </samlp:Status>
    <saml:Assertion Version="2.0"
                    ID="hidden_for_email"
                    IssueInstant="hidden_for_email">
        ...
        <saml:AttributeStatement>
            <saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
                <saml:AttributeValue xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                                     Scope="cchs.csic.es">member</saml:AttributeValue>
            </saml:Attribute>
        </saml:AttributeStatement>
        ...
    </saml:Assertion>
</samlp:Response>
Does anyone see what we may be doing wrong?
Does anyone know of a great document that can help explain custom
mappings so that we can resolve this type of issue in the future?
Thanks in advance,
Scott Klawitter
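
Added example (not part of the original post and not Shibboleth code): a Python helper for inspecting a captured assertion offline, reporting whether each AttributeValue carries its scope in the `Scope` XML attribute, as in the snippet above, or inline as value@scope. The sample XML, the `example.org` scope and the function names are constructed for illustration.

```python
# Added example: offline inspection only; it does not verify signatures or
# validate the assertion. Use a hardened XML parser for untrusted input.
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed sample. The first attribute mirrors the post's snippet (scope in
# a Scope XML attribute); the other two are constructed for comparison.
SAMPLE = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
    <saml:AttributeValue Scope="cchs.csic.es">member</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
    <saml:AttributeValue>staff@example.org</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
    <saml:AttributeValue>member</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def scoped_values(xml_text, delimiter="@"):
    """Return (name, value, scope, encoding) for every AttributeValue.
    encoding is 'xml-attribute', 'inline' or 'unscoped'."""
    root = ET.fromstring(xml_text)
    out = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        name = attr.get("Name")
        for val in attr.findall("saml:AttributeValue", NS):
            text = (val.text or "").strip()
            scope = val.get("Scope")  # unqualified attribute, as in the post
            if scope:
                out.append((name, text, scope, "xml-attribute"))
            elif delimiter in text:
                value, _, scope = text.rpartition(delimiter)
                out.append((name, value, scope, "inline"))
            else:
                out.append((name, text, None, "unscoped"))
    return out

def normalize(xml_text):
    """Render every value as value@scope when a scope was found."""
    return [f"{v}@{s}" if s else v for _, v, s, _ in scoped_values(xml_text)]

if __name__ == "__main__":
    for row in scoped_values(SAMPLE):
        print(row)
```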