Understanding Attributes Passing

Sam Agnew saa2012 at qatar-med.cornell.edu
Thu Apr 3 07:54:19 EDT 2014 

We are trying to establish how to pass metadata in our test Shibboleth setup. We expect to be joining inCommon when we go production so we have set up a test AD with the eduPerson schema added.

I have populated some fields for a test user:

eduPersonPrincipalName
eduPersonAffiliation
eduPersonPrimaryAffiliation
eduPersonNickname

Also we are asking for some POSIX attributes like:

uid
sn
cn
givenName
displayName
mail

We are receiving a mixed bag and I'm feeling like there's something I'm not quite understanding. We receive:
mail
sn
cn
displayName
givenName

We receive an eppn (eduPersonPrincipalName?) which is not the populated value but rather the sAMAccountName+ at +dnssuffix
We receive an unscoped-affiliation which appears to be the value for eduPersonAffiliation
We get nothing for uid
We get nothing for eduPersonNickname
We get nothing for eduPersonPrimaryAffiliation

I can see all the values being asked for:
12:26:37.859 - INFO [Shibboleth-Audit:1028] - 20140403T092637Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_08ae5fccee401616aa52a038eb6aa180|https://sp.qatar-med.cornell.edu/shibboleth|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://idp.qatar-med.cornell.edu/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c5a9e00627597559c401066471b214c3|student2013|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,eduPersonPrincipalName,eduPersonAffiliation,eduPersonPrimaryAffiliation,surname,givenName,eduPersonNickname,commonName,transientId,email,displayName,|_4e803ba53b7bd0e909551a8ef7e6b138||

***|uid,eduPersonPrincipalName,eduPersonAffiliation,eduPersonPrimaryAffiliation,surname,givenName,eduPersonNickname,commonName,transientId,email,displayName,|***

I have worked with attribute-filter.xml and attribute-resolver.xml so far to get to this point. What am I missing?

Thanks!

Sam


--
Sam Agnew
System Administrator
IT Department
Weill Cornell Medical College in Qatar



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140403/f70381c2/attachment.html

More information about the users mailing list