null value of eduPersonAffiliation
David Bantz
dabantz at alaska.edu
Thu Dec 5 13:35:03 EST 2013
For a person with no eduPersonAffiliation, my script in the attribute resolver [which otherwise works to clean up some issues with source directory values] errs as follows:
16:16:57.758 - ERROR [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.ScriptedAttributeDefinition:129] - eduPersonAffiliation produced a null attribute
16:16:57.758 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:480] - Error resolving attributes for principal 'dabantz'. No name identifier or attribute statement will be included in response
Is a “null attribute” different from an attribute with null value?
“Null value” seems appropriate in this case in which the directory record had no values of eduPersonAffiliation. [Prior members retain need to access some information resources, such as getting tax records or transcripts]. I could add “affiliate”value but that may be counter to the spirit of the advice in the schema definition (http://macedir.org/specs/eduperson/#eduPersonAffiliation):
> For the sake of completeness, if for some reason the institution carries digital identity information for people with whom it has no affiliation according to the above definitions, the recommendation is simply not to assert eduPersonAffiliation values for those individuals.
David Bantz
U Alaska
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20131205/76a62c19/attachment.html
More information about the users
mailing list