Passing attributes to testshib two

Nate Klingenstein ndk at internet2.edu
Tue Nov 20 13:24:07 EST 2012 

Dave,

I suspect everything on your side of the transaction is working well.

As mentioned upthread, I'm investigating the problems that seem to be occurring at TestShib.  These problems could very well prevent the display of this attribute on the webpage.

I'll post something to the list once I make some headway.

Thanks,
Nate.

On 20 Nov 2012, at 17:44, "Wynne, David" <D.Wynne at ljmu.ac.uk> wrote:

> Thanks Nate,
>           Still nothing about the attribute on shib two page but in the idp-process.log the value of the attribute is staff at livjm.ac.uk, which is correct for me.:
>  
> <?xml version="1.0" encoding="UTF-8"?><saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1c2498ae44ff89a098de38db3db6ab25" IssueInstant="2012-11-20T17:22:16.757Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
>    <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://java.cms.livjm.ac.uk/idp/shibboleth</saml2:Issuer>
>    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>       <ds:SignedInfo>
>          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>          <ds:Reference URI="#_1c2498ae44ff89a098de38db3db6ab25">
>             <ds:Transforms>
>                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>                <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>                   <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
>                </ds:Transform>
>             </ds:Transforms>
>             <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>             <ds:DigestValue>R8n3YVUWB1RqrQjTq/HfatM3iAI=</ds:DigestValue>
>          </ds:Reference>
>       </ds:SignedInfo>
>       <ds:SignatureValue>TrfcXGFWHYmANXpg9AHKit4WilVIQVmBb1eK70NdJuXlp8Ld3OusghhJqrPOOHyjoZej1oomayr5/o2sc/u1OU7PsvDtD3hLjdC+eJRdJUnK3SJhZTEQka/YNlBAE1k8dpbDRxZq28LtW3g25O/jyyRABpVVKLy89oDqD9puw9mACc+C/wiJAnowYbVTzegZLwB8EzKKSTIK3SC/Yv7lUgqsmrfudjzl7iAZoG/RMuWRZoEMlEv5TCS66A4GnfxxPaw0vkExb9IPIUfPouxOVvJRGHh/wSFUmYKvlkSnVGz/boCorm0d+rIFWzE2g/ObqaFa/L426iI5+CiFXFHJww==</ds:SignatureValue>
>       <ds:KeyInfo>
>          <ds:X509Data>
>             <ds:X509Certificate>MIIDOzCCAiOgAwIBAgIUAxwrx4Sn98FDukGSOhoUmhhWntEwDQYJKoZIhvcNAQEFBQAwHzEdMBsG
> A1UEAxMUamF2YS5jbXMubGl2am0uYWMudWswHhcNMTIxMTA5MTIxODA2WhcNMzIxMTA5MTIxODA2
> WjAfMR0wGwYDVQQDExRqYXZhLmNtcy5saXZqbS5hYy51azCCASIwDQYJKoZIhvcNAQEBBQADggEP
> ADCCAQoCggEBAJ4n/7WV1UKuIo/i10qyFuXLQDbrtJBxN17EfIvFW+EUmPLxIFiKVGc9Cgatv6vV
> P33XWaSWYKrw9bv3CmgYwuw8obAmd62CPRVEIoU4LqBZHgMciM0Aujta28Gp2CAnFMq6csc+Z6gy
> 9X9lAaWxU82OWzp8rbrG79JR07QTG2pU7gpHyEYRRyuTawhtVsorYQmHWs42cuYc+LjclzVqDi/i
> XSvwi3AHSBUdjR1HEml8QUjUqSbvgZH3gM7wWGKGOj4hgH4ts/BzwYUBRjnJDkwiwUh+jzm+moBa
> Y4ICYjszlBq7rOxkuHnicKLuKYiPNW2+/a9v39yWQ+L6QUVgyCECAwEAAaNvMG0wTAYDVR0RBEUw
> Q4IUamF2YS5jbXMubGl2am0uYWMudWuGK2h0dHBzOi8vamF2YS5jbXMubGl2am0uYWMudWsvaWRw
> L3NoaWJib2xldGgwHQYDVR0OBBYEFNLsUhuag+qDR3uPTah5SeGjlOW9MA0GCSqGSIb3DQEBBQUA
> A4IBAQCQaK46J3N9SYlWmFeeqhvrNgq/sKBLC9MUs8u1RY7gdhi1tQ9k+GfksArpLLUzHP+Tfx38
> /lQChXjvUAp30tJJFHr0iQxQBvnD6xxI3GiRugusRx9QRN6KgUAVDCYQGq13YxRnjIKiKjHL7FCf
> Tn2WPXTUvQCvOPXurL9v4yQyNksYMGcYlgCW1DvROFLY1RyGdcJRc+xhij/Fe++QaOBqbYe0buQW
> L3Nh4iJ/jCMqoSM6BJtUSAqw43ss1VjEDMSF27wBtXFJpCTfqi0q11rvXcN1ocKJ8yWVwXqxl7a/
> tFLbobI7zRliodYzeSHDP4y8M7yM47fmuZhVxJG4fU5V</ds:X509Certificate>
>          </ds:X509Data>
>       </ds:KeyInfo>
>    </ds:Signature>
>    <saml2:Subject>
>       <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://java.cms.livjm.ac.uk/idp/shibboleth" SPNameQualifier="https://sp.testshib.org/shibboleth-sp">_72b930f6045a9cae339dfccfc9ce22a9</saml2:NameID>
>       <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
>          <saml2:SubjectConfirmationData Address="150.204.48.5" InResponseTo="_2afbff35ff47b034fa40130098587882" NotOnOrAfter="2012-11-20T17:27:16.757Z" Recipient="https://sp.testshib.org/Shibboleth.sso/SAML2/POST"/>
>       </saml2:SubjectConfirmation>
>    </saml2:Subject>
>    <saml2:Conditions NotBefore="2012-11-20T17:22:16.757Z" NotOnOrAfter="2012-11-20T17:27:16.757Z">
>       <saml2:AudienceRestriction>
>          <saml2:Audience>https://sp.testshib.org/shibboleth-sp</saml2:Audience>
>       </saml2:AudienceRestriction>
>    </saml2:Conditions>
>    <saml2:AuthnStatement AuthnInstant="2012-11-20T17:22:16.594Z" SessionIndex="e75286d8dbee1ffc996a0598178b546fb9b45a646cee0792d0bd78a2062747f1">
>       <saml2:SubjectLocality Address="150.204.48.5"/>
>       <saml2:AuthnContext>
>          <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
>       </saml2:AuthnContext>
>    </saml2:AuthnStatement>
>    <saml2:AttributeStatement>
>       <saml2:Attribute FriendlyName="eduPersonScopedAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>          <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">staff at livjm.ac.uk</saml2:AttributeValue>
>       </saml2:Attribute>
>    </saml2:AttributeStatement>
> </saml2:Assertion>
>  
> From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Nate Klingenstein
> Sent: 20 November 2012 17:08
> To: Shib Users
> Subject: Re: Passing attributes to testshib two
>  
> David,
>  
> Well I could just use a text editor but is that the way ?
>  
> That's certainly "a" way and the most common way.
> 
> 
>  "include that scope in the attribute value that is generated by the script"
>  
> Sorry to appear dumb but could you elaborate / give example ?
>  
> I think all you need to do is add the scope that matches your metadata as part of the value set, like getValues().add("member at livjm.ac.uk")
>  
> Take care,
> Nate.
> 
> Important Notice: the information in this email and any attachments is for the sole use of the intended recipient(s). If you are not an intended recipient, or a person responsible for delivering it to an intended recipient, you should delete it from your system immediately without disclosing its contents elsewhere and advise the sender by returning the email or by telephoning a number contained in the body of the email. No responsibility is accepted for loss or damage arising from viruses or changes made to this message after it was sent. The views contained in this email are those of the author and not necessarily those of Liverpool John Moores University. --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20121120/948da2a2/attachment-0001.html

More information about the users mailing list