incorporating opensso metadata and extended metadata xml files into shibboleth SP
Douglas E. Engert
deengert at anl.gov
Mon Aug 20 11:13:36 EDT 2012
On 8/19/2012 5:44 PM, csross wrote:
> On 8/19/12 3:00 PM, "csross" <[hidden email]> wrote:
> >
> >I have to talk to a new IDP with a new SP on my shib 2.4.3 solaris
> >server.
> >I believe the IDP is opensso and the administrator does not have any
> >experience with shibboleth as they never had any SPs running it. They sent
> >me a metadata.xml file which I specified identified in the shibboleth2.xml
> >file. They also sent me an extended metadata.xml file which has a number
> >of
> >Attribute name= and value. These look nothing like what is in the
> >attribute-map.xml file I use for other IDPs I contact but they run
> >Shibboleth.
>
> >>>The SP doesn't use any of that particular information in metadata.
>
> >>>Obviously the attributes they're sending do have to be mapped but that
> doesn't involve the metadata.
>
> Thank you. Has anyone done this, manually created a mapping for attributes passed from another SSO-idp into a format shibboleth understands please? If there is a doc on this, I would greatly
> appreciate the link. I know it depends on what attribute they are sending, etc, but a generic example would be great.
>
I have done this as a test, with opensso as the idp.
There was nothing special with the metadata file.

But in the SP attribute-map.xml file I uncommented the section:

    <!--Examples of LDAP-based attributes, uncomment to use these... -->

and added:

    <Attribute name="urn:mace:dir:attribute-def:uid" id="uid"/>
    <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>

In the shibboleth2.xml file, since OpenSSO does not return an eppn,
but only a uid (unscoped), I change the REMOTE_USER=

    REMOTE_USER="eppn uid persistent-id targeted-id"

So in our case, opensso sends LDAP attributes including
givenName, sn, cn and uid.
>
> >A lot of sites I researched mentioned NameIDFormat and I see these in the
> >metadata.xml and extended-metadata.xml, but again it is in an unfamiliar
> >format. Is there any relation to the entries in attribute-map?
>
> >>>No.
>
> >Does anyone have any idea how to incorporate this into Shibboleth please?
>
> >>>You don't need to.
>
> -- Scott
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
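
Added example (not part of the original message and not Shibboleth's own code): a Python sketch of the lookup described above, where attribute-map.xml maps each incoming SAML attribute Name to an SP id and REMOTE_USER takes the first listed id that has a value. The map fragment, the assertion and its values are constructed, and matching is by Name only (nameFormat and attribute filtering are ignored as a simplifying assumption).

```python
import xml.etree.ElementTree as ET

AM_NS = "urn:mace:shibboleth:2.0:attribute-map"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed attribute-map.xml fragment using the two uid mappings from the message.
ATTRIBUTE_MAP = """<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
  <Attribute name="urn:mace:dir:attribute-def:uid" id="uid"/>
  <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>
  <Attribute name="urn:oid:2.5.4.42" id="givenName"/>
</Attributes>"""

# Constructed AttributeStatement (sample names and values, not captured traffic).
ASSERTION = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1">
    <saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:2.5.4.42">
    <saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="sn">
    <saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

def load_map(xml_text):
    """Return {SAML attribute Name: SP attribute id} from an attribute map."""
    root = ET.fromstring(xml_text)
    return {a.get("name"): a.get("id") for a in root.iter(f"{{{AM_NS}}}Attribute")}

def extract(statement_xml, name_to_id):
    """Split received attributes into mapped {id: [values]} and unmapped names."""
    mapped, unmapped = {}, []
    for attr in ET.fromstring(statement_xml).iter(f"{{{SAML_NS}}}Attribute"):
        values = [v.text for v in attr.iter(f"{{{SAML_NS}}}AttributeValue") if v.text]
        sp_id = name_to_id.get(attr.get("Name"))
        if sp_id is None:
            unmapped.append(attr.get("Name"))  # no mapping rule: application never sees it
        elif values:
            mapped.setdefault(sp_id, []).extend(values)
    return mapped, unmapped

def remote_user(setting, mapped):
    """Walk the REMOTE_USER list in order; the first id with a value wins."""
    for sp_id in setting.split():
        if mapped.get(sp_id):
            return sp_id, mapped[sp_id][0]
    return None, None

if __name__ == "__main__":
    mapped, unmapped = extract(ASSERTION, load_map(ATTRIBUTE_MAP))
    print("mapped:", mapped, "unmapped:", unmapped)
    print("REMOTE_USER:", remote_user("eppn uid persistent-id targeted-id", mapped))
```

The "sn" attribute in the sample is reported as unmapped because its Name has no matching rule in the map; adding a rule for that exact Name is what makes it available.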