eduPersonTargetedID

Etan Weintraub eweintra at jhmi.edu
Fri Apr 26 14:14:26 EDT 2013


Not 100% sure, but I think you need to change xsi:type="ad:SAML2NameID" to xsi:type="Script".

-Etan E. Weintraub
Sr. Systems Engineer
Directory Architecture
IT at Johns Hopkins
Johns Hopkins at Mt. Washington
5801 Smith Ave.
Suite 3110B
Baltimore, MD 21209
Phone: 410-735-7945
E-mail: eweintra at jhmi.edu

-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Qian, Yi
Sent: Friday, April 26, 2013 2:08 PM
To: Shib Users
Subject: eduPersonTargetedID

Hello,

Our eduPersonTargetedID just follows shibboleth wiki, including 2 parts
idp entity id, sp entity id and encoded uid, separated by !

Manager wants the last part to be encoded idp entity id + sp entity id +
uid. I tried to use script attribute definition. But got "Invalid content
was found starting with element 'Script'. One of
'{"urn:mace:shibboleth:2.0:resolver":AttributeEncoder}' is expected." error

Here is my attribute resolver, I have attribute Encoder defined.

<resolver:AttributeDefinition xsi:type="ad:SAML2NameID"
id="eduPersonTargetedID"
                   
nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
sourceAttributeID="computedID">
        <resolver:Dependency ref="computedID" />
        
        <resolver:AttributeEncoder xsi:type="enc:SAML1XMLObject"
name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2XMLObject"
name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
friendlyName="eduPersonTargetedID" />
        
        <Script>
        	<![CDATA[
        		importPackage(Package.org.opensaml.saml2.core.impl.BaseIDImpl);
        		
        		BaseID baseID = new BaseIDImpl();
        		
        		idpNameQualifier =
"https://shibidptstwb1.cc.ku.edu/idp/shibboleth";
        		spNameQualifier = baseID.getSPNameQualifier();
        		computedID = idpNameQualifier + spNameQualifier + computedID;
        	]]>
        </Script>
    </resolver:AttributeDefinition>


Regards,
Yi


--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net


More information about the users mailing list