Questions about returning roles in the Assertion
Yaowen Tu
yaowen.tu at gmail.com
Thu Aug 30 21:14:44 EDT 2012
Hi,
I have some questions about returning roles in the Assertion. I understand
that this mailing list might not be the ideal place to ask such a question, but
I just hope people can give me some ideas.
1) How to return a list of roles if the Shib IdP is connecting to an LDAP? Maybe
this is more of an LDAP question, but I have tried googling around and still
cannot find the answer.
Currently I can get all the attributes by:
<dc:FilterTemplate>
<![CDATA[
(uid=$requestContext.principalName)
]]>
</dc:FilterTemplate>
What if the LDAP also has role definitions, and defines
which users belong to which roles? Would it be possible to retrieve a list
of roles of a particular user?
I am not very familiar with LDAP, so I hope that people on this list
have done similar things before.
2) This is more of a general or best-practice question: Is it common to
include role information in the Assertion? For existing IdP providers,
especially those for enterprise applications, what kind of information is
usually included in the Assertion?
Thanks,
Yaowen