Unsure why an Attribute is not being released?
Kanuch, Andrew
Andy.Kanuch at sdstate.edu
Thu Nov 1 13:17:45 EDT 2012
Hello,
I recently set up our first IDP, and I'm attempting to release a specific attribute from AD, but it does not appear to be working. The IDP is working and authenticates successfully; it just doesn't release the specified attributes. Could you please tell me if I'm missing a step somewhere?
(To test it, I'm pointing it against https://service1.internet2.edu/test/ )
1. In my attribute-resolver.xml I have added the following definition:
<resolver:AttributeDefinition xsi:type="ad:Simple" id="givenName" sourceAttributeID="givenName">
    <resolver:Dependency ref="myLDAP" />
    <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:givenName" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" />
</resolver:AttributeDefinition>
2. In the attribute-filter.xml I have added the following within the AttributeFilterPolicyGroup:
<afp:AttributeFilterPolicy>
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://service1.internet2.edu/test/" />
    <afp:AttributeRule attributeID="givenName">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>
With these two items, if I go to https://service1.internet2.edu/test/ and resolve against my IDP I should see the givenName value on the next page, shouldn't I?
All I receive is:
Shibboleth v2.x SP (entityID="https://fm.incommon.org/sp")
$_SERVER[eppn]
$_SERVER[affiliation]
$_SERVER[unscoped-affiliation]
$_SERVER[entitlement]
$_SERVER[targeted-id]
$_SERVER[persistent-id]
https://icarus.sdstate.edu/idp/shibboleth!https://fm.incommon.org/sp!qCdRgO4Ykzw8mJEsStThPVKAPGo=
$_SERVER[primary-affiliation]
$_SERVER[nickname]
$_SERVER[primary-orgunit-dn]
$_SERVER[orgunit-dn]
$_SERVER[org-dn]
$_SERVER[cn]
$_SERVER[sn]
$_SERVER[givenName]
$_SERVER[mail]
$_SERVER[telephoneNumber]
$_SERVER[Shib-Identity-Provider]
https://icarus.sdstate.edu/idp/shibboleth
Am I missing a step somewhere?
Thanks
Andy
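
Added example, not part of the original message and not Shibboleth project code: a small Python check of which attribute IDs a filter policy permits for a given requester. It relies on `basic:AttributeRequesterString` being matched against the requesting SP's entityID (the test page output above reports `https://fm.incommon.org/sp`); the function names and the wrapper element around the policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

AFP = "urn:mace:shibboleth:2.0:afp"
XSI = "http://www.w3.org/2001/XMLSchema-instance"

# Constructed sample: the policy from the message, wrapped in a minimal group element.
FILTER_XML = """\
<afp:AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns:afp="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <afp:AttributeFilterPolicy>
    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
        value="https://service1.internet2.edu/test/" />
    <afp:AttributeRule attributeID="givenName">
      <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
  </afp:AttributeFilterPolicy>
</afp:AttributeFilterPolicyGroup>
"""

def local_type(elem):
    """Return xsi:type without its prefix (assumption: prefixes are not resolved)."""
    return elem.get(f"{{{XSI}}}type", "").split(":")[-1]

def policy_applies(policy, requester):
    """True if the policy's requirement rule is satisfied for this requester."""
    rule = policy.find(f"{{{AFP}}}PolicyRequirementRule")
    if rule is None:
        return False
    kind = local_type(rule)
    if kind == "ANY":
        return True
    if kind == "AttributeRequesterString":
        return rule.get("value") == requester  # exact match on the entityID
    return False  # other rule types are outside the scope of this check

def released_attribute_ids(filter_xml, requester):
    """Attribute IDs permitted with basic:ANY for the given requester entityID."""
    released = set()
    for policy in ET.fromstring(filter_xml).iter(f"{{{AFP}}}AttributeFilterPolicy"):
        if not policy_applies(policy, requester):
            continue
        for rule in policy.findall(f"{{{AFP}}}AttributeRule"):
            permit = rule.find(f"{{{AFP}}}PermitValueRule")
            if permit is not None and local_type(permit) == "ANY":
                released.add(rule.get("attributeID"))
    return released
```

Calling `released_attribute_ids(FILTER_XML, "https://fm.incommon.org/sp")` returns an empty set, while the page URL used in the policy returns `{"givenName"}`.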