cantor.2 at osu.edu
Wed May 15 14:53:41 EDT 2013
On 5/15/13 2:04 PM, "James Forrest" <jamesforrest56 at gmail.com> wrote:
>Would somebody please be kind enough to walk me through the steps
>required to pass the authenticated username (as input by the end user)
>through from the IdP and the SP to Apache.

Well, you need to define an attribute definition that establishes the
value in some way based on the requestContext.principalName data. There is
no such thing as "username" in SAML; you have to encode it into some
Attribute, such as eduPersonPrincipalName, or as a SAML NameID in some

Then you need to release the relevant attribute ID within the IdP to the

Then you need to ensure there's an attribute mapping on the SP end into an
attribute ID there.

And finally, you have to set REMOTE_USER in shibboleth2.xml to include at
least that attribute ID in the precedence list to populate from.