Changing the format of attributes sent to the SP .

Eric Goodman Eric.Goodman at ucop.edu
Wed Jul 16 18:00:19 EDT 2014


You could create a new scripted attribute that prepends the “name=” string to the value, and release that:

https://wiki.shibboleth.net/confluence/display/SHIB2/ResolverScriptAttributeDefinition
https://wiki.shibboleth.net/confluence/display/SHIB2/ResolverScriptAttributeDefinitionExamples


That said, I the SP is misusing the givenName attribute, and should really modify the config on their end to consume the value as specified (see http://tools.ietf.org/html/rfc4519, InCommon docs, etc.)

--- Eric

From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Kobi Seviliya
Sent: Wednesday, July 16, 2014 10:06 AM
To: Shib Users
Subject: Changing the format of attributes sent to the SP .

Hi Everyone

i currently have an LDAP attribute defined like this sent to the SP .

<resolver:AttributeDefinition xsi:type="ad:Simple" id="firstname" sourceAttributeID="givenName">
        <resolver:Dependency ref="MYLDAP" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:givenName" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.42" friendlyName="firstname" />
    </resolver:AttributeDefinition>


and the way it shows in a SAML trace is this :


<saml2:Attribute FriendlyName="lastname"

                             Name="urn:oid:2.5.4.4"

                             NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

                             >

                <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

                                      xsi:type="xs:string"

                                      >John</saml2:AttributeValue>



Now, the problem is that the SP requires me to send the attribute at this format :

name=john

can i force the attribute to be sent in that format ?

Thanks


The above terms reflect a potential business arrangement, are provided solely as a basis for further discussion, and are not intended to be and do not constitute a legally binding obligation. No legally binding obligations will be created, implied, or inferred until an agreement in final form is executed in writing by all parties involved.

This email and any attachments hereto may be confidential or privileged.  If you received this communication by mistake, please don't forward it to anyone else, please erase all copies and attachments, and please let me know that it has gone to the wrong person. Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140716/2fb7cc5d/attachment-0001.html 


More information about the users mailing list