targeted-id question
Mike Flynn
shibbolethlynda at yahoo.com
Mon Feb 18 14:31:56 EST 2013
I do not think I have safeHeaderNames turned on as persistent-id passes as http_persistent-id like this:
Attributes displayName: Lynda Test persistent-id: https://shib-idp.school.edu.au/idp/shibboleth!https://shib.lynda.com/shibboleth-sp!1n43OwhUMrCrg0s8FNn/LAFm/uQ=
Is the issue then NameIDFromScoped ?
________________________________
From: "Cantor, Scott" <cantor.2 at osu.edu>
To: Shib Users <users at shibboleth.net>
Sent: Monday, February 18, 2013 11:01 AM
Subject: Re: targeted-id question
On 2/18/13 12:52 PM, "Mike Flynn" <shibbolethlynda at yahoo.com> wrote:
>targeted-id: C8+gfgfds9876nzl03XdybzI=@schoolname.ac.ukSo on my protected
>resource I then expect to see http_targeted-id in the request headers but
>it is not there. I have asked them to switch to persistent-id for this
>but apparently they have some challenge with that...(stupid Ymail
>formatting...)
Firstly, please review all of this:
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPTargetedID
You don't need to process the bogus syntax, you can uncomment the
NameIDFromScoped decoder so that it converts them to the proper form and
matches all the other IdPs you deal with.
Secondly, your problem is the safeHeaderNames option that collapses
punctuation. "targeted-id" would be HTTP_TARGETEDID.
-- Scott
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20130218/c47a049d/attachment.html
More information about the users
mailing list