configure SP for authentication and attribute retrieval

Tonu Mikk tmikk at
Tue Sep 6 22:06:19 BST 2011

Thanks Scott.  I take it that I can then ask the people who manage the IdP
to release some additional attributes for an existing entityID?  Once they
are released I can make them available by configuring the attribute-map.xml


On Tue, Sep 6, 2011 at 3:57 PM, Cantor, Scott <cantor.2 at> wrote:

> On 9/6/11 4:48 PM, "Tonu Mikk" <tmikk at> wrote:
> >I would like to configure our SP for authentication and also attribute
> >retrieval.  A user would authenticate and upon successful authentication
> >the web server would have access to some additional attributes.
> That's the standard approach and is "the normal way" of using the SP.
> >So far I have configured shibboleth2.xml and metadata file to work with
> >our IdP and provide authentication.  I am now looking to configure these
> >two files so that I can retrieve attributes.   Do I need to create a new
> >entity ID in order to retrieve attributes?
> No, you just need to configure the IdP to release the attributes you want
> or ask that it be done.
> >For metadata configuration I am referencing this guide:
> >
> >aForSP-AssertionConsumerServices .  I understand that I would need to
> >manually create entries like this in the metadata.  How would I know the
> >Name and NameFormat that I would need to reference?
> All of that is largely irrelevant to initially testing out this kind of
> thing. The decision on what to release is generally the IdP's to make.
> More dynamic scenarios are far beyond what you want to deal with based on
> the questions you're asking.
> -- Scott
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at

Tonu Mikk
Disability Services, Office for Equity and Diversity
612 625-3307
tmikk at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list