anyone filtering based on EntityAttributes in metadata ?

Tom Scavo trscavo at gmail.com
Fri Sep 2 22:01:11 BST 2011 

Steven, are all namespace prefixes defined in metadata? Especially the attr prefix?

Tom

On Sep 2, 2011, at 1:14 PM, Steven Carmody <Steven_Carmody at brown.edu> wrote:

> I'm getting an NPE when I try this.... I suspect I'm doing something 
> wrong....
> 
> can anyone spot the problem ?
> 
> thanks!
> 
> 12:55:34.778 - DEBUG 
> [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:130] 
> - Evaluating if filter policy releaseToTest9TAG is active for principal stc
> 12:55:34.794 - ERROR 
> [edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet:89] 
> - Error occurred while processing request
> java.lang.NullPointerException: null
>         at 
> edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.saml.AbstractEntityAttributeMatchFunctor.getEntityAttribute(AbstractEntityAttributeMatchFunctor.java:169) 
> ~[shibboleth-common-1.3.3.jar:na]
>         at 
> edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.saml.AbstractEntityAttributeMatchFunctor.hasEntityAttribute(AbstractEntityAttributeMatchFunctor.java:114) 
> ~[shibboleth-common-1.3.3.jar:na]
> 
> Here's what I have within the Extensions element for my SP:
> 
> <attr:EntityAttributes>
> <saml:Attribute FriendlyName="TestPolicyAttribute" 
> Name="urn:mace:incommon:tags" 
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> 
> <saml:AttributeValue 
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
> xsi:type="xs:string">Category-1</saml:AttributeValue>
> 
> </saml:Attribute>
> </attr:EntityAttributes>
> 
> and here's the filter policy that I'm using:
> 
> 
>      <AttributeFilterPolicy id="releaseToTest9TAG">
>        <PolicyRequirementRule 
> xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
>                        attributeName="urn:mace:incommon:tags"
>                        attributeValue="Category-1" />
>         <AttributeRule attributeID="eduPersonPrincipalName">
>             <PermitValueRule xsi:type="basic:ANY" />
>         </AttributeRule>
>         <AttributeRule attributeID="email">
>             <PermitValueRule xsi:type="basic:ANY" />
>         </AttributeRule>
>         <AttributeRule attributeID="displayName">
>             <PermitValueRule xsi:type="basic:ANY" />
>        </AttributeRule>
>    
>         <AttributeRule attributeID="givenName">
>             <PermitValueRule xsi:type="basic:ANY" />
>         </AttributeRule>
>         <AttributeRule attributeID="surName">
>             <PermitValueRule xsi:type="basic:ANY" />
>         </AttributeRule>
>         <AttributeRule attributeID="eduPersonScopedAffiliation">
>             <PermitValueRule xsi:type="basic:ANY" />
>         </AttributeRule>
>     </AttributeFilterPolicy>
> 
> 
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list