Providing attributes from CAS

Joshua Riffle jriffle at apu.edu
Mon Apr 8 14:11:29 EDT 2013 

The data resolver for LDAP uses requestContext.principalName to connect to
LDAP which in our case is filled-in by the user name that was authenticated
by CAS. See the example 3 (Define the Search Parameters):
https://wiki.shibboleth.net/confluence/display/SHIB2/ResolverLDAPDataConnector


Joshua Riffle
Software Engineer
*Azusa Pacific University*


On Mon, Apr 8, 2013 at 10:58 AM, Stein, Eric <steine at locustec.com> wrote:

> Is there a simple example that shows how to do this for the username? It
> looks like the IdPAddAttribute examples are hitting a database to pull the
> attribute.
>
> Thanks,
> Eric Stein
>
> -----Original Message-----
> From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net]
> On Behalf Of Cantor, Scott
> Sent: Monday, April 08, 2013 1:40 PM
> To: Shib Users
> Subject: Re: Providing attributes from CAS
>
> On 4/8/13 1:16 PM, "Stein, Eric" <steine at locustec.com> wrote:
>
> >I'm still not sure how to get at the username that Shibboleth IdP is
> >putting in by default. It's not in any of the request header
> >information that I can see .. how do I access it from an SP?
>
> You have to define resolver behavior at the IdP to put that into an
> attribute or a SAML NameID and then extract it on the SP end.
>
> No, it's not going to show up automatically, that's a major difference
> between a non-federated system in which a local username is just
> intrinsically obvious and a federated system where it wouldn't be.
>
> The typical Shibboleth community attribute for a username of the normal
> sort is eduPersonPrincipalName, but there are others, and there's the
> approach of just sticking it into a "uid" attribute for bilateral use, or
> using the SAML NameID construct.
>
> -- Scott
>
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20130408/e15b5b74/attachment.html

More information about the users mailing list