REMOTE_USER definition question

csross cross at hccs.com
Tue Oct 9 16:09:32 EDT 2012


Thank you very much for the response. 

Our application is using REMOTE_USER already. 

I was reading the links you gave me
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplication and
still have a question.  That link indicates:

“REMOTE_USER(space-delimited list of strings) Specifies a list of attribute
IDs/aliases to look for in a session's cache of attributes. *The first one
found *with a value is set as  REMOTE_USER (or in the case of IIS,
HTTP_REMOTE_USER).”

It says “The first one found….”,. but if I only have REMOTE_USER="eppn
persistent-id targeted-id" and the IDP is sending uid (which is not here),
how is it appearing in the logs and functioning as if it was listed there? 
Is it because the fields listed in REMOTE_USER  are just placeholders and as
long as the attribute-map.xml has the matching definition for what is being
sent, it will populate the variable even though the name is different?

The reason I am asking this is the IDP admin is changing the name of the
attribute she is sending from uid to sysid.  I do not know if the underlying
value is changing or just the name (she doesn’t communicate stuff to me). 
If she is actually sending uid but just wants to call it sysid, should I
just change "name=" or "id=" to sysid?

    <Attribute name="uid" id="uid"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrn
ame-format:unspecified"/>

Again, thank you.





--
View this message in context: http://shibboleth.1660669.n2.nabble.com/REMOTE-USER-definition-question-tp7582378p7582383.html
Sent from the Shibboleth - Users mailing list archive at Nabble.com.


More information about the users mailing list