employeeNumber from employeeID in active directory

Chad La Joie lajoie at itumi.biz
Wed Sep 7 14:38:37 BST 2011 

You'll have to check your logs on debug.  It will tell you which
attributes it gets back from LDAP, how many values it has, if those
values are used by a given attribute definition, and if the created
attributes are released or not.

On Wed, Sep 7, 2011 at 09:13, Jean Robertson <jean.robertson at mcgill.ca> wrote:
> Hello,
>
> On September 6, 2011 05:26:18 pm Brent Putman wrote:
>> On 9/6/11 3:58 PM, Jean Robertson wrote:
>> > I have an attribute-resolver.xml snippet that looks like this:
>> >     <resolver:AttributeDefinition id="employeeNumber"
>> >
>> >         xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
>> >         sourceAttributeID="employeeID">
>> >         <resolver:Dependency ref="myLDAP" />
>> >
>> >         <resolver:AttributeEncoder xsi:type="SAML1String"
>> >
>> >             xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
>> >             name="urn:mace:dir:attribute-def:employeeNumber" />
>> >
>> >         <resolver:AttributeEncoder xsi:type="SAML2String"
>> >
>> >             xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
>> >             name="urn:oid:2.16.840.1.113730.3.1.3"
>> >             friendlyName="employeeNumber" />
>> >
>> >     </resolver:AttributeDefinition>
>>
>> At first glance that looks ok.  Did you remember to also add or update a
>> rule to attribute-filter.xml to actually release the attribute to the
>> SP(s) you are using to test?
>
> Thanks for looking at this.
>
> Yes.
>
> Here is the rule:
>
>    <AttributeFilterPolicy id="releaseToShibSP">
>
> ..... lots cut out ....
>
>        <AttributeRule attributeID="employeeNumber">
>                <PermitValueRule xsi:type="basic:ANY" /> </AttributeRule>
>
>    </AttributeFilterPolicy>
>
>
> The weird thing is that the attribute employeeID (the source attribute)
> appears only once in the debug logs. Only to say that it was found.
>
> employeeNumber (what I am trying to pass to the test SP) does not appear
> anywhere.
>
> It does not appear later in the logs, with the other attributes when it comes
> time to resolve them
>
> For example of a successfully resolved attribute:
>
> Resolving attribute manager for principal jean.robertson at mcgill.ca
> Resolved attribute manager containing 1 values
>
> It does not appear either in the list of attributes sent to the test SP
>
> ShibbolethAttributeFilteringEngine:131] - Filter policy releaseToShibSP is
> active for principal jean.robertson
>
>
>
> Jean
>
> --
> Jean Robertson, McGill University (514) 398-8117
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>



-- 
Chad La Joie
www.itumi.biz
trusted identities, delivered

More information about the users mailing list