anyone filtering based on EntityAttributes in metadata ?

Steven Carmody Steven_Carmody at brown.edu
Fri Sep 2 18:14:34 BST 2011 

I'm getting an NPE when I try this.... I suspect I'm doing something 
wrong....

can anyone spot the problem ?

thanks!

12:55:34.778 - DEBUG 
[edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] 
- Evaluating if filter policy releaseToTest9TAG is active for principal stc
12:55:34.794 - ERROR 
[edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet:89] 
- Error occurred while processing request
java.lang.NullPointerException: null
         at 
edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.saml.AbstractEntityAttributeMatchFunctor.getEntityAttribute(AbstractEntityAttributeMatchFunctor.java:169) 
~[shibboleth-common-1.3.3.jar:na]
         at 
edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.saml.AbstractEntityAttributeMatchFunctor.hasEntityAttribute(AbstractEntityAttributeMatchFunctor.java:114) 
~[shibboleth-common-1.3.3.jar:na]

Here's what I have within the Extensions element for my SP:

<attr:EntityAttributes>
<saml:Attribute FriendlyName="TestPolicyAttribute" 
Name="urn:mace:incommon:tags" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">

<saml:AttributeValue 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:type="xs:string">Category-1</saml:AttributeValue>

</saml:Attribute>
</attr:EntityAttributes>

and here's the filter policy that I'm using:


      <AttributeFilterPolicy id="releaseToTest9TAG">
		<PolicyRequirementRule 
xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
                        attributeName="urn:mace:incommon:tags"
                        attributeValue="Category-1" />
         <AttributeRule attributeID="eduPersonPrincipalName">
             <PermitValueRule xsi:type="basic:ANY" />
         </AttributeRule>
         <AttributeRule attributeID="email">
             <PermitValueRule xsi:type="basic:ANY" />
         </AttributeRule>
         <AttributeRule attributeID="displayName">
             <PermitValueRule xsi:type="basic:ANY" />
	    </AttributeRule>
	
         <AttributeRule attributeID="givenName">
             <PermitValueRule xsi:type="basic:ANY" />
         </AttributeRule>
         <AttributeRule attributeID="surName">
             <PermitValueRule xsi:type="basic:ANY" />
         </AttributeRule>
         <AttributeRule attributeID="eduPersonScopedAffiliation">
             <PermitValueRule xsi:type="basic:ANY" />
         </AttributeRule>
     </AttributeFilterPolicy>

More information about the users mailing list