Passing attributes to testshib two

Wynne, David D.Wynne at ljmu.ac.uk
Tue Nov 20 12:44:00 EST 2012


Thanks Nate,

Still nothing about the attribute on shib two page but in the idp-process.log the value of the attribute is staff@livjm.ac.uk, which is correct for me:

<?xml version="1.0" encoding="UTF-8"?><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1c2498ae44ff89a098de38db3db6ab25" IssueInstant="2012-11-20T17:22:16.757Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
   <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://java.cms.livjm.ac.uk/idp/shibboleth</saml2:Issuer>
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
         <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
         <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
         <ds:Reference URI="#_1c2498ae44ff89a098de38db3db6ab25">
            <ds:Transforms>
               <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
               <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                  <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
               </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>R8n3YVUWB1RqrQjTq/HfatM3iAI=</ds:DigestValue>
         </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>TrfcXGFWHYmANXpg9AHKit4WilVIQVmBb1eK70NdJuXlp8Ld3OusghhJqrPOOHyjoZej1oomayr5/o2sc/u1OU7PsvDtD3hLjdC+eJRdJUnK3SJhZTEQka/YNlBAE1k8dpbDRxZq28LtW3g25O/jyyRABpVVKLy89oDqD9puw9mACc+C/wiJAnowYbVTzegZLwB8EzKKSTIK3SC/Yv7lUgqsmrfudjzl7iAZoG/RMuWRZoEMlEv5TCS66A4GnfxxPaw0vkExb9IPIUfPouxOVvJRGHh/wSFUmYKvlkSnVGz/boCorm0d+rIFWzE2g/ObqaFa/L426iI5+CiFXFHJww==</ds:SignatureValue>
      <ds:KeyInfo>
         <ds:X509Data>
            <ds:X509Certificate>MIIDOzCCAiOgAwIBAgIUAxwrx4Sn98FDukGSOhoUmhhWntEwDQYJKoZIhvcNAQEFBQAwHzEdMBsG...</ds:X509Certificate>
         </ds:X509Data>
      </ds:KeyInfo>
   </ds:Signature>
   <saml2:Subject>
      <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://java.cms.livjm.ac.uk/idp/shibboleth" SPNameQualifier="https://sp.testshib.org/shibboleth-sp">_72b930f6045a9cae339dfccfc9ce22a9</saml2:NameID>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
         <saml2:SubjectConfirmationData Address="150.204.48.5" InResponseTo="_2afbff35ff47b034fa40130098587882" NotOnOrAfter="2012-11-20T17:27:16.757Z" Recipient="https://sp.testshib.org/Shibboleth.sso/SAML2/POST"/>
      </saml2:SubjectConfirmation>
   </saml2:Subject>
   <saml2:Conditions NotBefore="2012-11-20T17:22:16.757Z" NotOnOrAfter="2012-11-20T17:27:16.757Z">
      <saml2:AudienceRestriction>
         <saml2:Audience>https://sp.testshib.org/shibboleth-sp</saml2:Audience>
      </saml2:AudienceRestriction>
   </saml2:Conditions>
   <saml2:AuthnStatement AuthnInstant="2012-11-20T17:22:16.594Z" SessionIndex="e75286d8dbee1ffc996a0598178b546fb9b45a646cee0792d0bd78a2062747f1">
      <saml2:SubjectLocality Address="150.204.48.5"/>
      <saml2:AuthnContext>
         <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
      </saml2:AuthnContext>
   </saml2:AuthnStatement>
   <saml2:AttributeStatement>
      <saml2:Attribute FriendlyName="eduPersonScopedAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
         <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">staff@livjm.ac.uk</saml2:AttributeValue>
      </saml2:Attribute>
   </saml2:AttributeStatement>
</saml2:Assertion>

From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Nate Klingenstein
Sent: 20 November 2012 17:08
To: Shib Users
Subject: Re: Passing attributes to testshib two

David,

Well I could just use a text editor but is that the way ?

That's certainly "a" way and the most common way.


 "include that scope in the attribute value that is generated by the script"

Sorry to appear dumb but could you elaborate / give example ?

I think all you need to do is add the scope that matches your metadata as part of the value set, like getValues().add("member@livjm.ac.uk")

Take care,
Nate.

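An added example, not part of the original thread: a diagnostic for the scope matching discussed above, where the SP's default attribute policy accepts a scoped value only if its scope matches a shibmd:Scope in the IdP's metadata. The example.org metadata and assertion are constructed samples, the function names are hypothetical, and the script only inspects an already decoded assertion; it performs no signature validation.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
      "shibmd": "urn:mace:shibboleth:metadata:1.0"}

# Constructed sample inputs (trimmed, unsigned; not the thread's real metadata).
METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://idp.example.org/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions><shibmd:Scope regexp="false">example.org</shibmd:Scope></md:Extensions>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:AttributeStatement>
    <saml2:Attribute FriendlyName="eduPersonScopedAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
      <saml2:AttributeValue>staff@example.org</saml2:AttributeValue>
      <saml2:AttributeValue>member@other.example</saml2:AttributeValue>
      <saml2:AttributeValue>staff</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""

def metadata_scopes(metadata_xml):
    """Return (scope, is_regexp) for every shibmd:Scope in the IdP metadata."""
    root = ET.fromstring(metadata_xml)
    return [((s.text or "").strip(), s.get("regexp", "false") in ("true", "1"))
            for s in root.iterfind(".//shibmd:Scope", NS)]

def scope_allowed(scope, scopes):
    """Literal scopes must match exactly; regexp scopes must match the whole string."""
    return any(bool(re.fullmatch(p, scope)) if rx else p == scope for p, rx in scopes)

def check_scoped_values(assertion_xml, metadata_xml, friendly_name):
    """Map each value of the named attribute to 'ok', 'scope-mismatch' or 'no-scope'."""
    scopes = metadata_scopes(metadata_xml)
    result = {}
    for attr in ET.fromstring(assertion_xml).iterfind(".//saml2:Attribute", NS):
        if attr.get("FriendlyName") != friendly_name:
            continue
        for v in attr.iterfind("saml2:AttributeValue", NS):
            value = (v.text or "").strip()
            _, sep, scope = value.rpartition("@")  # scope is the part after the last '@'
            if not sep:
                result[value] = "no-scope"         # e.g. a script that emits bare "staff"
            else:
                result[value] = "ok" if scope_allowed(scope, scopes) else "scope-mismatch"
    return result
```

Values reported as `no-scope` or `scope-mismatch` are the ones to fix in the resolver script or in the published metadata before expecting them to appear at the SP.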