Attribute IDs containing Dashes & Resolver Script
Patrick Rynhart
P.Rynhart at massey.ac.nz
Mon Sep 9 22:31:31 EDT 2013
On 10/09/13 02:02, Cantor, Scott wrote:
> On 9/9/13 12:02 AM, "Patrick Rynhart" <P.Rynhart-GuuZuZYZZ9vScTE++YW6Eg at public.gmane.org> wrote:
>
>> I'm attempting to federate with an SP where they are expecting an
>> attribute to be called "unscoped-affiliation" (an id containing dashes).
>
> No, they're not. That's a Shibboleth internal default name for an
> attribute on the SP, it has nothing to do with what you have to send them.
>
>>
>> I am attempting to construct my resolver (in attribute-resolver.xml) as
>> follows:
>
> You are needlessly coupling your IdP's internal naming of attributes with
> the SP's.
>
> You can, but you certainly don't need to.
Hi Scott & Mike
Thanks for your replies. My misunderstanding was that I thought the
"id" (as defined in a resolver AttributeDefinition) was released and
"seen" on the SP side. However, I now understand that the "id" is
arbitrary on the IdP side; it's the AttributeEncoder that determines the
actual type (via an OID).
Thank you for clearing this up for me.
With Regards,
Patrick
>>
>> If I remove the dashes (and call my variable unscopedaffiliation) then
>> things work, but obviously the SP is expecting unscoped-affiliation.
>
> No, it's not. They're asking for the eduPersonAffiliation attribute, which
> has a standard URI name, the specifics of which I'm not about to look up,
> but is present in both SP and IdP files by default as an example.
>
> -- Scott
>
>
> --
> To unsubscribe from this list send an email to users-unsubscribe-42IIvhcvNBnXOH51mAaJLw at public.gmane.org
>
More information about the users
mailing list