coordinating an SP with multiple IdPs

Cantor, Scott cantor.2 at osu.edu
Fri Mar 2 00:27:34 GMT 2012


On 3/1/12 5:31 PM, "Adam Cohen" <adamcohen at berkeley.edu> wrote:

>It doesn't look like the attribute-map.xml is the right place either -
>although the asserted attribute has to be defined there for each IdP,
>there's nothing that seems to establish the connection of the attribute
>to the http header that is passed to the SP.

I'm puzzled by that impression since that is the entire and sole purpose
of that file.

That said, REMOTE_USER isn't really a header, and that question was
answered earlier.

>Any pointers to documentation or an example of this configuration would
>be appreciated

The starting point would be to look up the definition of the REMOTE_USER
setting in the configuration reference, and you'll find it documenting the
behavior mentioned by the other poster. Or at least it's trying to, I
don't recall the exact definition it gives.


-- Scott



More information about the users mailing list