InC R&S IdP config breaks integration with R&S SP!
David Bantz
dabantz at alaska.edu
Mon Nov 24 14:12:46 EST 2014
I recently switched our IdP configuration to support release to the InC SPs in the research-and-scholarship category.
Previously l had individual release policies for a subset of these SPs.
The attribute filter policy provided at
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAddAttributeFilterExamples or
https://spaces.internet2.edu/display/InCFederation/Essential+Attribute+Bundle+Config
releases the mail attribute
mail is allowed to be multi-valued, but releasing a multi-valued attribute for mail prevents login,
with a message that the IdP is not releasing the required attributes.
I forgot that I had had to craft (resolve) a single-valued version of mail for FileSender and
encode it with the mail OID.
I could release this single-valued version of mail for all research-and-scholarship SPs,
but am a little concerned this could create other issues down the road.
(FWIW, releasing both versions - that is two separate attribute clauses with mail attribute -
also blocks FileSender login, even if both clauses have the same single value.)
Your suggestions please!
David Bantz
More information about the users
mailing list