Questions about returning roles in the Assertion

Yaowen Tu yaowen.tu at
Thu Aug 30 21:14:44 EDT 2012


I have some questions about returning roles in the Assertion. I understand
that this mailing list might not be the ideal place to ask such a question, but
I just hope people can give me some ideas.

1) How to return a list of roles if the Shib IdP is connecting to an LDAP? Maybe
this is more of an LDAP question, but I have tried googling around and still
cannot find the answer.

Currently I can get all the attributes by:

What if the LDAP also has role definitions, and defines which users belong
to which roles? Would it be possible to retrieve a list of roles of a
particular user?

I am not very familiar with LDAP, so I hope that people on this list
have done similar things before.

2) This is more of a general or best practice question: Is it common to
include role information in the Assertion? For existing IdP providers
especially those enterprise applications, what kind of information is
usually included in the Assertion?
