Cantor, Scott cantor.2 at
Tue Sep 6 21:57:26 BST 2011

On 9/6/11 4:48 PM, "Tonu Mikk" <tmikk at> wrote:

>I would like to configure our SP for authentication and also attribute
>retrieval.  A user would authenticate and upon successful authentication
>the web server would have access to some additional attributes.

That's the standard approach and is "the normal way" of using the SP.

>So far I have configured shibboleth2.xml and the metadata file to work with
>our IdP and provide authentication.  I am now looking to configure these
>two files so that I can retrieve attributes.  Do I need to create a new
>entity ID in order to retrieve attributes?

No, you just need to configure the IdP to release the attributes you want
or ask that it be done.

>For metadata configuration I am referencing this guide:
>aForSP-AssertionConsumerServices .  I understand that I would need to
>manually create entries like this in the metadata.  How would I know the
>Name and NameFormat that I would need to reference?

All of that is largely irrelevant to initially testing out this kind of
thing. The decision on what to release is generally the IdP's to make.
More dynamic scenarios are far beyond what you want to deal with based on
the questions you're asking.

-- Scott

