incorporating opensso metadata and extended metadata xml files into shibboleth SP
csross
cross at hccs.com
Mon Aug 20 11:30:02 EDT 2012
On 8/19/2012 5:44 PM, csross wrote:
> On 8/19/12 3:00 PM, "csross" <[hidden email]> wrote:
> >
> >I have to talk to a new IDP with a new SP on my shib 2.4.3 solaris
> >server.
> >I believe the IDP is opensso and the administrator does not have any
> >experience with shibboleth as they never had any SPs running it. They sent
> >me a metadata.xml file which I specified in the shibboleth2.xml
> >file. They also sent me an extended metadata.xml file which has a number
> >of Attribute name= and value. These look nothing like what is in the
> >attribute-map.xml file I use for other IDPs I contact but they run
> >Shibboleth.
>
> >>>The SP doesn't use any of that particular information in metadata.
>
> >>>Obviously the attributes they're sending do have to be mapped but that doesn't involve the metadata.
>
> Thank you. Has anyone done this, manually created a mapping for
> attributes passed from another SSO-idp into a format shibboleth
> understands please? If there is a doc on this, I would greatly
> appreciate the link. I know it depends on what attribute they are
> sending, etc, but a generic example would be great.
>
THANK YOU VERY MUCH.
>>>>I have done this as a test, with opensso as the idp.
>>>>There was nothing special with the metadata file.
Do I use the extended metadata file at all or just the non-extended file please?
>>>>But in the SP attribute-map.xml file I uncommented the section:
>>>> <!--Examples of LDAP-based attributes, uncomment to use these... -->
I do not know about LDAP so I will see about adding something like this
to the bottom of the map file. Some research showed the need for
AttributeDecoder. Did you have to do anything with that please?
>>>> and added:
>>>> <Attribute name="urn:mace:dir:attribute-def:uid" id="uid"/>
>>>> <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>
>>>> In the shibboleth2.xml file, since OpenSSO does not return a eppn,
>>>> but only a uid (unscoped) I change the REMOTE_USER=
The admin for the IDP sent me a screenshot of NameID Format Current
Values. Do you know if I have to do anything with this? I hate GUIs.
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified
>>>> REMOTE_USER="eppn uid persistent-id targeted-id"
>>>> So in our case, opensso sends LDAP attributes including givenName,
>>>> sn, cn and uid.
Again, thank you. This has been helpful.
Christine
>
> >A lot of sites I researched mentioned NameIDFormat and I see these in the
> >metadata.xml and extended-metadata.xml, but again it is in an unfamiliar
> >format. Is there any relation to the entries in attribute-map?
>
> >>>No.
>
> >Does anyone have any idea how to incorporate this into Shibboleth please?
>
> >>>You don't need to.
>
> -- Scott
--
Douglas E. Engert <[hidden email]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
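Added example, not part of the original thread and not Shibboleth project code: a small check that compares the attribute names in a received SAML 2.0 AttributeStatement against attribute-map.xml, lists the names the SP would skip because they have no mapping, and shows which id from the REMOTE_USER list quoted above would be used. The map fragment and the unsigned statement are constructed samples, the Name strings an OpenSSO IdP would send are assumptions, and matching is simplified to the name alone (NameFormat and NameID are not considered).

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
AMAP = "{urn:mace:shibboleth:2.0:attribute-map}"

# Constructed attribute-map.xml holding only the two uid entries quoted above.
ATTRIBUTE_MAP = """<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
  <Attribute name="urn:mace:dir:attribute-def:uid" id="uid"/>
  <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid"/>
</Attributes>"""

# Constructed, unsigned AttributeStatement; the Name strings are assumptions.
STATEMENT = """<saml:AttributeStatement
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1">
    <saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="givenName">
    <saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="sn">
    <saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

def load_map(map_xml):
    """Return {SAML attribute name: SP attribute id} from attribute-map.xml."""
    root = ET.fromstring(map_xml)
    return {a.get("name"): a.get("id") for a in root.iter(AMAP + "Attribute")}

def audit(statement_xml, map_xml):
    """Split received attributes into ({id: [values]}, [unmapped names])."""
    mapping, mapped, unmapped = load_map(map_xml), {}, []
    for attr in ET.fromstring(statement_xml).iter(SAML + "Attribute"):
        name = attr.get("Name")
        values = [v.text for v in attr.iter(SAML + "AttributeValue") if v.text]
        if name in mapping and values:
            mapped.setdefault(mapping[name], []).extend(values)
        elif name not in mapping:
            unmapped.append(name)
    return mapped, unmapped

def remote_user(order, mapped):
    """First id in the REMOTE_USER list that has a value, else None."""
    for attr_id in order.split():
        if mapped.get(attr_id):
            return attr_id, mapped[attr_id][0]
    return None

if __name__ == "__main__":
    mapped, unmapped = audit(STATEMENT, ATTRIBUTE_MAP)
    print("mapped:", mapped)
    print("unmapped (skipped by the SP):", unmapped)
    print("REMOTE_USER:", remote_user("eppn uid persistent-id targeted-id", mapped))
```

Each name reported as unmapped needs its own `<Attribute name="..." id="..."/>` line in attribute-map.xml, using the exact Name string the IdP sends, before the SP will expose it to the application.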