eduPersonScopedAffiliation not mapping correctly
Cantor, Scott
cantor.2 at osu.edu
Tue Nov 1 17:11:17 GMT 2011
On 11/1/11 1:00 PM, "Scott Klawitter" <sklawitter at ebsco.com> wrote:
>Line 10: <saml:Attribute
>Name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
>Line 11: <saml:AttributeValue
>xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>Scope="cchs.csic.es">member</saml:AttributeValue>
>Line 12: </saml:Attribute>
This is invalid.
There is no SAML 2.0 attribute named
"urn:mace:dir:attributedef:eduPersonScopedAffiliation" and it is invalid
to send the Scope as a separate attribute. Both are SAML 1.1 conventions.
Also, there is no NameFormat specified, which means the format is wrong.
All that said, a supported SP (i.e. 2.4.3) hides all that and would handle
it by virtue of the mapping being in place for SAML 1.1 usage, and because
it's now very forgiving about NameFormat.
So I have no explanation for you unless you're using an unsupported
version. Then I could probably hazard a guess that it's the missing
NameFormat.
>Does anyone know of a great document that can help explain custom
>mappings so that we can resolve this type of issue in the future?
What are you looking for that isn't documented and/or what is it you don't
understand?
-- Scott
More information about the users
mailing list