REMOTE_USER definition question
csross
cross at hccs.com
Tue Oct 9 16:09:32 EDT 2012
Thank you very much for the response.
Our application is using REMOTE_USER already.
I was reading the links you gave me
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApplication and
still have a question. That link indicates:
“REMOTE_USER(space-delimited list of strings) Specifies a list of attribute
IDs/aliases to look for in a session's cache of attributes. *The first one
found *with a value is set as REMOTE_USER (or in the case of IIS,
HTTP_REMOTE_USER).”
It says “The first one found….”,. but if I only have REMOTE_USER="eppn
persistent-id targeted-id" and the IDP is sending uid (which is not here),
how is it appearing in the logs and functioning as if it was listed there?
Is it because the fields listed in REMOTE_USER are just placeholders and as
long as the attribute-map.xml has the matching definition for what is being
sent, it will populate the variable even though the name is different?
The reason I am asking this is the IDP admin is changing the name of the
attribute she is sending from uid to sysid. I do not know if the underlying
value is changing or just the name (she doesn’t communicate stuff to me).
If she is actually sending uid but just wants to call it sysid, should I
just change "name=" or "id=" to sysid?
<Attribute name="uid" id="uid"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrn
ame-format:unspecified"/>
Again, thank you.
--
View this message in context: http://shibboleth.1660669.n2.nabble.com/REMOTE-USER-definition-question-tp7582378p7582383.html
Sent from the Shibboleth - Users mailing list archive at Nabble.com.
More information about the users
mailing list