IdPv3.x user password as attribute follow up
Christopher Greiner
christopher.greiner at unil.ch
Fri Aug 14 10:49:57 EDT 2015
Hello,
We're in the process of migrating our current IdP v2 configuration to a
test v3 IdP.
I've managed to get most things working except for a
ScriptedAttributeDefinition we've been using in v2 to release the
password entered on the login page as an attribute:
[...]
userSubject = requestContext.getUserSession().getSubject();
i = userSubject.getPrivateCredentials(edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordCredential).iterator();
[...]
(We then encrypt the password before releasing it to an internal SP that
requires it. It is then decrypted and used by the portal running on that
SP to access and display a user's email and calendar events.)
The .getUserSession() method can no longer be used in v3 (it's been
ported but as an empty method that just logs a warning).
Someone already posted about this back in March
(http://shibboleth.1660669.n2.nabble.com/idpv3-x-user-password-as-attribute-tt7612840.html)
and Scott replied:
"The password flow could do that with an enhancement, or it can be
copied and customized by somebody to do that."
Could you elaborate slightly on the enhancement or customisation needed
for me to achieve this?
Thanks for any pointers, last hurdle before we're able to go into
production with v3!
Chris
--
Christopher Greiner
Université de Lausanne
Centre informatique
Amphimax
CH-1015 Lausanne