employeeNumber from employeeID in active directory
Jean Robertson
jean.robertson at mcgill.ca
Wed Sep 7 14:13:37 BST 2011
Hello,
On September 6, 2011 05:26:18 pm Brent Putman wrote:
> On 9/6/11 3:58 PM, Jean Robertson wrote:
> > I have an attribute-resolver.xml snippet that looks like this:
> > <resolver:AttributeDefinition id="employeeNumber"
> >     xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
> >     sourceAttributeID="employeeID">
> >   <resolver:Dependency ref="myLDAP" />
> >   <resolver:AttributeEncoder xsi:type="SAML1String"
> >       xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
> >       name="urn:mace:dir:attribute-def:employeeNumber" />
> >   <resolver:AttributeEncoder xsi:type="SAML2String"
> >       xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
> >       name="urn:oid:2.16.840.1.113730.3.1.3"
> >       friendlyName="employeeNumber" />
> > </resolver:AttributeDefinition>
>
> At first glance that looks ok. Did you remember to also add or update a
> rule to attribute-filter.xml to actually release the attribute to the
> SP(s) you are using to test?
Thanks for looking at this.
Yes.
Here is the rule:
<AttributeFilterPolicy id="releaseToShibSP">
  ..... lots cut out ....
  <AttributeRule attributeID="employeeNumber">
    <PermitValueRule xsi:type="basic:ANY" />
  </AttributeRule>
</AttributeFilterPolicy>
The weird thing is that the attribute employeeID (the source attribute)
appears only once in the debug logs. Only to say that it was found.
employeeNumber (what I am trying to pass to the test SP) does not appear
anywhere.
It does not appear later in the logs with the other attributes, when it comes
time to resolve them.
For example, a successfully resolved attribute:
Resolving attribute manager for principal jean.robertson at mcgill.ca
Resolved attribute manager containing 1 values
It does not appear either in the list of attributes sent to the test SP.
ShibbolethAttributeFilteringEngine:131] - Filter policy releaseToShibSP is
active for principal jean.robertson
Jean
--
Jean Robertson, McGill University (514) 398-8117
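
The pairing Brent asks about (a definition in attribute-resolver.xml and a matching rule in attribute-filter.xml) can be checked mechanically. The following is an added example, not part of the original message and not Shibboleth code; it does not diagnose the problem in this thread. The sample XML is constructed: the `mail` definition, the `myldap` reference and the rule naming `employeeID` are assumptions included to trigger each finding.

```python
import xml.etree.ElementTree as ET

def local(el):
    # ElementTree reports tags as '{namespace}name'; compare on the local name only
    return el.tag.rsplit("}", 1)[-1]

def elements(xml_text, name):
    return [e for e in ET.fromstring(xml_text).iter() if local(e) == name]

def cross_check(resolver_xml, filter_xml):
    """List (attribute id, finding) pairs where resolver and filter do not line up."""
    definitions = elements(resolver_xml, "AttributeDefinition")
    def_ids = {d.get("id") for d in definitions}
    known = def_ids | {c.get("id") for c in elements(resolver_xml, "DataConnector")}
    ruled = {r.get("attributeID") for r in elements(filter_xml, "AttributeRule")}
    findings = []
    for d in definitions:
        for dep in d:
            if local(dep) == "Dependency" and dep.get("ref") not in known:
                findings.append((d.get("id"), f"unknown-dependency:{dep.get('ref')}"))
        if d.get("id") not in ruled:
            findings.append((d.get("id"), "no-release-rule"))
    # A rule has to name the definition id (employeeNumber), not the source attribute
    findings += [(a, "rule-without-definition") for a in sorted(ruled - def_ids)]
    return findings

# Constructed sample input, trimmed to the parts the check reads
RESOLVER = """<resolver:AttributeResolver xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <resolver:AttributeDefinition id="employeeNumber" xsi:type="Simple"
      xmlns="urn:mace:shibboleth:2.0:resolver:ad" sourceAttributeID="employeeID">
    <resolver:Dependency ref="myLDAP" />
  </resolver:AttributeDefinition>
  <resolver:AttributeDefinition id="mail" xsi:type="Simple"
      xmlns="urn:mace:shibboleth:2.0:resolver:ad" sourceAttributeID="mail">
    <resolver:Dependency ref="myldap" />
  </resolver:AttributeDefinition>
  <resolver:DataConnector id="myLDAP" />
</resolver:AttributeResolver>"""

FILTER = """<AttributeFilterPolicy id="releaseToShibSP" xmlns="urn:mace:shibboleth:2.0:afp">
  <AttributeRule attributeID="employeeNumber" />
  <AttributeRule attributeID="employeeID" />
</AttributeFilterPolicy>"""

if __name__ == "__main__":
    for finding in cross_check(RESOLVER, FILTER):
        print(finding)
```

Ids are compared as exact, case-sensitive strings, so `myldap` is reported against a connector named `myLDAP`.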