NameId question
David Bantz
dabantz at alaska.edu
Tue Feb 26 16:07:48 EST 2013
Seems worthwhile to add this knowledge into the wiki.
David Bantz
On Tue, 26 Feb 2013, at 11:47 , "Brewer, Edward L" <lee.brewer at Vanderbilt.Edu> wrote:
> Scott,
>
> Thanks for the follow up. I included the encoding for EPPN just to validate that the attribute was created correctly. When I configure my production environment I will exclude that encoder and will actually only release the attribute listed as concurnameid to that one SP. Since they will not give me metadata and I had to create it for them, I hold the controls.
>
> Thanks again,
> Lee Brewer
>
> -----Original Message-----
> From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
> Sent: Tuesday, February 26, 2013 2:03 PM
> To: Shib Users
> Subject: Re: NameId question
>
> On 2/26/13 2:59 PM, "Brewer, Edward L" <lee.brewer at Vanderbilt.Edu> wrote:
>
>> Scott,
>>
>> Thanks! I was able to make it work doing the following
>>
>> I created these two entries in the attribute resolver
>
> I think your second one is technically broken, but you wouldn't notice unless you did SAML 1.1. Then the EPPN would be encoded improperly as an attribute with the scope inline instead of separated out into an XML attribute, but you may not need that.
>
> -- Scott
>
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>
>
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list