New attribute filter help

Pete Birkinshaw Peter.Birkinshaw at manchester.ac.uk
Fri Sep 30 17:47:11 BST 2011 

Hi,

The instructions in their email got a bit mangled/confused somewhere - they don't make sense.

I emailed them about this yesterday  and got a reply saying that releasing eduPersonTargetedID as normal should work fine. I don't think we'll need to make any changes. Probably a good idea to keep an eye on things after they switch to the new configuration though...

Pete

--
Peter Birkinshaw
Senior Directory and Registration Administrator
IT Services Division         | +44 (0)161 306 3118
The University of Manchester | PGP: 0xB7B0B433

________________________________
From: users-bounces at shibboleth.net [users-bounces at shibboleth.net] on behalf of Morris, Andi [amorris at uwic.ac.uk]
Sent: 30 September 2011 16:53
To: users at shibboleth.net
Subject: New attribute filter help

Hi all,
I’ve just been asked to release some new attributes for a service that our library uses.  The information is in the text below.
For Shibboleth users, we are expecting to receive the following attributes:
     > An attribute with a name that matches the regular expression (ignoring case) ".*OASCOPED.URN.MACE.DIR_ATTRIBUTE.DEF.EDUPERSONTARGETEDID.*". The value should be some sort if ID representing the logged in user followed by =@"idpdomain"

So an example would be [OA.OASCOPED.URN.MACE.DIR.ATTRIBUTE.DEF.EDUPERSONTARGETEDID] => wduOx72J9wJAQz7sEZowoBLKpio=@typekey.sdss.ac.uk<mailto:wduOx72J9wJAQz7sEZowoBLKpio=@typekey.sdss.ac.uk>



  > An attribute with a name that matches the regular expression".*IDP.ENTITY.*". The value should be the EntityID of the Identity provider.
An example would be [OA_IDP_ENTITY] => https://typekey.sdss.ac.uk/shibboleth





Now, we already release the EDUPERSONTARGETEDID, but not with that expression.  Ours is:

    <resolver:AttributeDefinition xsi:type="ad:SAML2NameID" id="eduPersonTargetedID"

                                  nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" sourceAttributeID="computedID">

        <resolver:Dependency ref="computedID" />

        <resolver:AttributeEncoder xsi:type="enc:SAML1XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" />

        <resolver:AttributeEncoder xsi:type="enc:SAML2XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID" />

    </resolver:AttributeDefinition>



Will that work?



Also, is there a way I can release the EntityID as an attribute?



I’m quite new to all this, and have read the attribute section of the documentation, but it’s not quite all sunk in yet.  Any help would be appreciated.



Cheers,

Andi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20110930/7de6fd6f/attachment.html

More information about the users mailing list