How to put the principal name to an attribute?

Yaowen Tu yaowen.tu at
Thu Aug 9 21:15:53 EDT 2012


I have implemented a customized LoginModule, which is used by IdP to do the
real authentication. This part is working now. Next part I want to do is
put the username into Assertion and release it to SP.

I know that the best way to do is implementing a customized DataConnector,
but I am wondering whether it is possible to eliminate this, since all the
IdP will expose is just a "username". The username is just a principal name
which is already available after user login.

My question is in the attribute-resolver.xml, how can I configure it to get
the principal name and put into an attribute?

I am looking for something like:

<resolver:AttributeDefinition xsi:type="ad:Simple" id="username"
        <resolver:AttributeEncoder xsi:type="enc:SAML1String"
name="urn:mace:dir:attribute-def:mail" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2String"

Is that feasible?

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list