New attribute filter help
cantor.2 at osu.edu
Fri Sep 30 18:11:32 BST 2011
On 9/30/11 11:53 AM, "Morris, Andi" <amorris at uwic.ac.uk> wrote:
>For Shibboleth users, we are expecting to receive the following
> > An attribute with a name that matches the regular expression
>".*OASCOPED.URN.MACE.DIR_ATTRIBUTE.DEF.EDUPERSONTARGETEDID.*". The value
>should be some sort if ID representing the logged in user followed by
That would be a deprecated form and you shouldn't need to release that to
anybody. The SP has plenty of tools for them to use to normalize what you
send into whatever form they need, and if they're using "not Shibboleth",
that remains their responsibility.
>An attribute with a name that matches the regular
>expression".*IDP.ENTITY.*". The value should be the EntityID of the
That's not typical, and it is incorrect to use "regular expressions" to
match attribute names.
Again, any SP should provide access to the issuer of the assertion, which
is your entityID.
>Also, is there a way I can release the EntityID as an attribute?
You would need to populate it from information in the request context.
More information about the users