Multiple Logon Credentials
Peter Schober
peter.schober at univie.ac.at
Wed Sep 21 13:47:58 BST 2011
* Miller, Greg <gmiller at richmond.edu> [2011-09-21 14:45]:
> I am attempting to offer our users the ability to logon to the
> Shibboleth IdP with either their "cn" or "mail" attribute in
> LDAP. This would give users the option of logging in with their
> NetID or their @richmond.edu email address.
[...]
> <FilterTemplate>
> <![CDATA[
> (cn=$requestContext.principalName)
> ]]>
> </FilterTemplate>
>
> I suspect that I need to modify the "FilterTemplate" directive, but
> I am not sure how to do so. I have reviewed the list archives and
> the relevant documentation, but am still not sure how to configure
> this correctly.
It's just an LDAP search filter (RFC4515), so I'd try
(|(cn=$requestContext.principalName)(mail=$requestContext.principalName))
inside the CDATA section.
-peter
More information about the users
mailing list