How to put the principal name to an attribute?

Nate Klingenstein ndk at
Thu Aug 9 21:23:42 EDT 2012



Take care,

On Aug 10, 2012, at 1:15 , Yaowen Tu wrote:

> Hi,
> I have implemented a customized LoginModule, which is used by IdP to  
> do the real authentication. This part is working now. Next part I  
> want to do is put the username into Assertion and release it to SP.
> I know that the best way to do is implementing a customized  
> DataConnector, but I am wondering whether it is possible to  
> eliminate this, since all the IdP will expose is just a "username".  
> The username is just a principal name which is already available  
> after user login.
> My question is in the attribute-resolver.xml, how can I configure it  
> to get the principal name and put into an attribute?
> I am looking for something like:
> <resolver:AttributeDefinition xsi:type="ad:Simple" id="username"  
> sourceAttributeID="$PrincipalName$">
>         <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:mail 
> " />
>         <resolver:AttributeEncoder xsi:type="enc:SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder 
> "/>
>     </resolver:AttributeDefinition>
> Is that feasible?
> Best,
> Yaowen
> --
> To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list