configure SP for authentication and attribute retrieval

Tonu Mikk tmikk at umn.edu
Wed Sep 7 20:23:45 BST 2011


I asked the people who manage our IdP to release additional attributes.
After they had done so, I accessed
https://mydomain/Shibboleth.sso/Session and did not see additional
attributes.

*Miscellaneous*
*Client Address:* 160.94.228.108
*Identity Provider:* https://idp-test.shib.umn.edu/idp/shibboleth
*SSO Protocol:* urn:oasis:names:tc:SAML:2.0:protocol
*Authentication Time:* 2011-09-07T18:55:36.151Z
*Authentication Context Class:* urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
*Authentication Context Decl:* (none)
*Session Expiration (barring inactivity):* 479 minute(s)

*Attributes*
*eppn*: 1 value(s)


On the IdP side, the log shows the following:
13:07:11.613 - INFO [Shibboleth-Audit:1015] -
20110907T180711Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_ce82006ebb095c399ccc0cbb9eb8c0b3|
https://oedweb.oit.umn.edu/shibboleth/default|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://idp-test.shib.umn.edu/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c73a5fb78f839bcfecc78ec5b2281c67|tmikk|urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified|umnEmplId,surname,umnDisplayMail,givenName,uid,homePhone,umnPersonType,transientId,umnDID,eduPersonPrincipalName,|||

The log seems to indicate that the attributes were released.  Do I need to
configure the attribute-map.xml file before I can see the released attributes
at the https://mydomain/Shibboleth.sso/Session URL?

Thanks,
Tonu

On Tue, Sep 6, 2011 at 5:50 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:

> On 9/6/11 5:06 PM, "Tonu Mikk" <tmikk at umn.edu> wrote:
>
> >Thanks Scott.  I take it that I can then ask the people who manage the
> >IdP to release some additional attributes for an existing entityID?  Once
> >they are released I can make them available by configuring the
> >attribute-map.xml file.
>
> Yes. Putting them in metadata does nothing to get them released from the
> majority of IdPs unless you're ahead of the curve.
>
> -- Scott



-- 
Tonu Mikk
Disability Services, Office for Equity and Diversity
612 625-3307
tmikk at umn.edu
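
The comparison described in the message above, as an added example that is not part of the original post or of the Shibboleth software: it parses the IdP audit line and lists the released attribute ids that have no counterpart on the SP session page. The field names, the `eduPersonPrincipalName` to `eppn` alias and the treatment of `transientId` as NameID-only are assumptions; extend the alias table for any attribute the SP exposes under a different id.

```python
# Field order of a Shibboleth IdP 2.x audit entry (pipe-delimited);
# the names are labels chosen for this example.
AUDIT_FIELDS = [
    "request_time", "request_binding", "request_id", "relying_party",
    "profile", "idp", "response_binding", "response_id", "principal",
    "authn_method", "released_attributes", "name_id", "assertion_ids",
]
# Assumption: the SP exposes eduPersonPrincipalName under the id "eppn",
# as the session page in the post suggests.
SP_ID_FOR_IDP_ATTR = {"eduPersonPrincipalName": "eppn"}
# Assumption: transientId is sent as the NameID, not as a session attribute.
NAMEID_ONLY = {"transientId"}

def parse_audit_line(line):
    """Split one audit line into a dict; the attribute field becomes a list."""
    payload = line.rsplit(" - ", 1)[-1].strip()  # drop the logger prefix
    entry = dict(zip(AUDIT_FIELDS, payload.split("|")))
    entry["released_attributes"] = [
        a for a in entry.get("released_attributes", "").split(",") if a
    ]
    return entry

def unmapped_attributes(entry, sp_session_ids):
    """Released attribute ids with no counterpart in the SP session."""
    seen = set(sp_session_ids)
    return [
        a for a in entry["released_attributes"]
        if a not in NAMEID_ONLY and SP_ID_FOR_IDP_ATTR.get(a, a) not in seen
    ]

# The audit line from the post, rejoined onto one line.
AUDIT_LINE = (
    "13:07:11.613 - INFO [Shibboleth-Audit:1015] - 20110907T180711Z|"
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|"
    "_ce82006ebb095c399ccc0cbb9eb8c0b3|"
    "https://oedweb.oit.umn.edu/shibboleth/default|"
    "urn:mace:shibboleth:2.0:profiles:saml2:sso|"
    "https://idp-test.shib.umn.edu/idp/shibboleth|"
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|"
    "_c73a5fb78f839bcfecc78ec5b2281c67|tmikk|"
    "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified|"
    "umnEmplId,surname,umnDisplayMail,givenName,uid,homePhone,"
    "umnPersonType,transientId,umnDID,eduPersonPrincipalName,|||"
)
SESSION_IDS = ["eppn"]  # what the SP session page in the post lists

if __name__ == "__main__":
    print(unmapped_attributes(parse_audit_line(AUDIT_LINE), SESSION_IDS))
```
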