configure SP for authentication and attribute retrieval

Tonu Mikk tmikk at
Wed Sep 7 20:23:45 BST 2011

I asked the people who manage our IdP to release additional attributes.
 After they had done so, I accessed
https://mydomain/Shibboleth.sso/Sessionand did not see additional

*Miscellaneous**Client Address:**Identity Provider:**SSO Protocol:*
urn:oasis:names:tc:SAML:2.0:protocol*Authentication Time:*
2011-09-07T18:55:36.151Z*Authentication Context Class:*
Context Decl:* (none)*Session Expiration (barring inactivity):* 479
*Attributes**eppn*: 1 value(s)

On the IdP side, the log shows the following:
13:07:11.613 - INFO [Shibboleth-Audit:1015] -

The log seems to indicate that the attributes were released.  Do I need to
configure attribute-map.xml file before I can see the released attributes
in https://mydomain/Shibboleth.sso/Session URL?

On Tue, Sep 6, 2011 at 5:50 PM, Cantor, Scott <cantor.2 at> wrote:

> On 9/6/11 5:06 PM, "Tonu Mikk" <tmikk at> wrote:
> >Thanks Scott.  I take it that I can then ask the people who manage the
> >IdP to release some additional attributes for an existing entityID?  Once
> >they are released I can make them available by configuring the
> >attribute-map.xml file.
> Yes. Putting them in metadata does nothing to get them released from the
> majority of IdPs unless you're ahead of the curve.
> -- Scott
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at

Tonu Mikk
Disability Services, Office for Equity and Diversity
612 625-3307
tmikk at
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list