REMOTE_USER

Cantor, Scott cantor.2 at osu.edu
Wed May 15 14:53:41 EDT 2013


On 5/15/13 2:04 PM, "James Forrest" <jamesforrest56 at gmail.com> wrote:

>Would somebody please be kind enough to walk me through the steps
>required to pass the authenticated username (as input by the end user)
>through from the IdP and the SP to Apache.

Well, you need to define an attribute definition that establishes the
value in some way based on the requestContext.principalName data. There is
no such thing as "username" in SAML, you have to encode it into some
Attribute, such as eduPersonPrincipalName, or as a SAML NameID in some
custom format.

Then you need to release the relevant attribute ID within the IdP to the
SP.

Then you need to ensure there's an attribute mapping on the SP end into an
attribute ID there.

And finally, you have to set REMOTE_USER in shibboleth2.xml to include at
least that attribute ID in the precedence list to populate from.

-- Scott
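
The two SP-side steps above (an attribute mapping into an attribute ID, then that ID in the REMOTE_USER precedence list) can be cross-checked mechanically. The following is an added example, not part of the original message and not Shibboleth project code: the XML fragments are constructed samples, the function names are hypothetical, and it assumes a single attribute-map file is the only source of attribute IDs on the SP.

```python
import xml.etree.ElementTree as ET

SP_NS = "{urn:mace:shibboleth:2.0:native:sp:config}"
MAP_NS = "{urn:mace:shibboleth:2.0:attribute-map}"

# Constructed sample of the relevant part of shibboleth2.xml (not from the post).
SHIBBOLETH2_XML = """
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth"
                       REMOTE_USER="eppn uid persistent-id"/>
</SPConfig>
"""

# Constructed sample attribute-map.xml: "eppn" is mapped, "uid" is not.
ATTRIBUTE_MAP_XML = """
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
  <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="eppn"/>
  <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName" id="eppn"/>
  <Attribute name="urn:oid:2.5.4.3" id="cn"/>
</Attributes>
"""

def remote_user_precedence(sp_config_xml):
    """Return the REMOTE_USER attribute IDs in the order the SP tries them."""
    app = ET.fromstring(sp_config_xml).find(f"{SP_NS}ApplicationDefaults")
    if app is None:
        raise ValueError("no ApplicationDefaults element found")
    return (app.get("REMOTE_USER") or "").split()

def mapped_ids(attribute_map_xml):
    """Map each SP attribute ID to the SAML attribute names that feed it."""
    ids = {}
    for attr in ET.fromstring(attribute_map_xml).iter(f"{MAP_NS}Attribute"):
        ids.setdefault(attr.get("id"), []).append(attr.get("name"))
    return ids

def check_remote_user(sp_config_xml, attribute_map_xml):
    """Pair each REMOTE_USER candidate with its source names ([] = unmapped)."""
    ids = mapped_ids(attribute_map_xml)
    return [(i, ids.get(i, [])) for i in remote_user_precedence(sp_config_xml)]

def unmapped_candidates(sp_config_xml, attribute_map_xml):
    """REMOTE_USER entries that no mapping can ever populate."""
    return [i for i, names in check_remote_user(sp_config_xml, attribute_map_xml)
            if not names]

if __name__ == "__main__":
    for attr_id, names in check_remote_user(SHIBBOLETH2_XML, ATTRIBUTE_MAP_XML):
        print(f"{attr_id:15} <- {', '.join(names) if names else 'NOT MAPPED'}")
```

An ID reported as unmapped can never populate REMOTE_USER; a mapped ID still stays empty unless the IdP defines and releases the corresponding attribute to the SP.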



