saml:AuthenticatingAuthority and Assertion Extraction

Cantor, Scott cantor.2 at
Thu Apr 24 10:48:22 EDT 2014

On 4/24/14, 10:39 AM, "Andy Bennett" <andyjpb at> wrote:
>I've got exportAssertion="true" set on <Host ...> in <RequestMap> in
><RequestMapper ...> in shibboleth2.xml and I'm seeing
>Shib-Identity-Provider CGI variables but I've *never* seen any
>Shib-Assertion-Count or Shib-Assertion-NN CGI variables.

You don't have exportLocation or exportACL set, I would imagine.

>seems to claim that an XML AttributeExtractor can extract things from
><saml2:Assertion> but I'm not sure what syntax to put in
>attribute-map.xml to make this work.

It handles Attributes and NameIDs, that's it. If you tell me what text
implies otherwise, I'll adjust it.

>seems to imply that I might not be able to do this without upgrading to
>the 2.5 SP software.

Again, please tell me what implies that and I can fix it. The version
indicator is there.

>A bit of Googling suggests there were some commits over 2 years ago
>which added some kind of functionality along these lines but it's not
>clear what release they went into.

Assertion AttributeExtractor (Version 2.5 and Above)

-- Scott

More information about the users mailing list