eduPersonScopedAffiliation not mapping correctly

Scott Klawitter sklawitter at ebsco.com
Tue Nov 1 18:10:13 GMT 2011 

>> There is no SAML 2.0 attribute named
>> "urn:mace:dir:attributedef:eduPersonScopedAffiliation" and it is
invalid to send the Scope as a separate attribute. Both are SAML 1.1
conventions.

Note: I think you missed a dash in the name
"urn:mace:dir:attribute-def:eduPersonScopedAffiliation" **

>> Also, there is no NameFormat specified, which means the format is
wrong.

Is it true that all attributes that have compound elements such as
eduPersonScopedAffiliation need a NameFormat?
 
>> All that said, a supported SP (i.e. 2.4.3) hides all that and would
handle it by virtue of the mapping being in place for SAML 1.1 usage,
and because it's now very forgiving about NameFormat.

Or does version 2.4.0 and above resolve some of the Name Formatting
errors?

>> So I have no explanation for you unless you're using an unsupported
version. Then I could probably hazard a guess that it's the missing
NameFormat.

Is version 2.3.1 supported?

>> >Does anyone know of a great document that can help explain custom 
>> >mappings so that we can resolve this type of issue in the future?

>> What are you looking for that isn't documented and/or what is it you
don't understand?

I was unsure of how to create the mapping for this attribute. You
explained why it is invalid though, so this helps me out.


** Correction above was made so others with the same error, can find and
resolve the same error if encountered.

Thank you,

Scott Klawitter


-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
On Behalf Of Cantor, Scott
Sent: Tuesday, November 01, 2011 12:11 PM
To: users at shibboleth.net
Subject: Re: eduPersonScopedAffiliation not mapping correctly

On 11/1/11 1:00 PM, "Scott Klawitter" <sklawitter at ebsco.com> wrote:
>Line 10:       <saml:Attribute
>Name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
>Line 11:         <saml:AttributeValue
>xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>Scope="cchs.csic.es">member</saml:AttributeValue>
>Line 12:       </saml:Attribute>

This is invalid.

There is no SAML 2.0 attribute named
"urn:mace:dir:attributedef:eduPersonScopedAffiliation" and it is invalid
to send the Scope as a separate attribute. Both are SAML 1.1
conventions.

Also, there is no NameFormat specified, which means the format is wrong.

All that said, a supported SP (i.e. 2.4.3) hides all that and would
handle it by virtue of the mapping being in place for SAML 1.1 usage,
and because it's now very forgiving about NameFormat.

So I have no explanation for you unless you're using an unsupported
version. Then I could probably hazard a guess that it's the missing
NameFormat.

>Does anyone know of a great document that can help explain custom 
>mappings so that we can resolve this type of issue in the future?

What are you looking for that isn't documented and/or what is it you
don't understand?

-- Scott

--
To unsubscribe from this list send an email to
users-unsubscribe at shibboleth.net

More information about the users mailing list