How to pass Sp entityId from Idp to Shibboleth Sp?
Peter Schober
peter.schober at univie.ac.at
Mon Dec 14 08:58:19 EST 2015
* Abdul Waheed <waheedtechblog at gmail.com> [2015-12-14 14:31]:
> I am not sure but is it possible to pass entityId in AuthnStatement to
> Shibboleth SP? I am already sending uid in response AuthnStatement.
1. Why do you want this?
2. The Shib IDP should already put the name (entityID) of the SP into
the AuthnStatement, as part of the AudienceRestriction element:
    <saml2:AudienceRestriction>
      <saml2:Audience>https://sp.example.com/Shibboleth</saml2:Audience>
    </saml2:AudienceRestriction>
> Let me know if this is possible or is there any way to get Shibboleth
> entityId attribute in IdP attribute-resolver.xml file.
If you want to put the entityID into an attribute it will not be part
of the AuthnStatement, which is what you asked about above. It would
then be the CDATA content of an AttributeValue element as part of
an AttributeStatement.
Ignoring that, a Script-type attribute definition has access to the
relevant contexts and if you really wanted you could create a custom
attribute with the entityID value of the current relying party.
The specifics depend on the IDP version, among others.
-peter
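
Added example, not part of the original message and not Shibboleth code: a receiving application can read the SP entityID from the Audience element shown above and check it against its own entityID, without a custom attribute. The sample assertion, the IdP issuer value and the function names are constructed for illustration. The check assumes the assertion's signature has already been validated, and it rejects assertions that carry no AudienceRestriction.

```python
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml2": SAML2_NS}

# Constructed, unsigned sample assertion (trimmed). Real input must be
# signature-checked first and parsed with a hardened XML parser.
SAMPLE_ASSERTION = """\
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                 ID="_constructed" Version="2.0"
                 IssueInstant="2015-12-14T13:58:19Z">
  <saml2:Issuer>https://idp.example.org/idp/shibboleth</saml2:Issuer>
  <saml2:Conditions>
    <saml2:AudienceRestriction>
      <saml2:Audience>https://sp.example.com/Shibboleth</saml2:Audience>
    </saml2:AudienceRestriction>
  </saml2:Conditions>
</saml2:Assertion>
"""


def audience_restrictions(assertion_xml):
    """Return one list of Audience URIs per AudienceRestriction element."""
    root = ET.fromstring(assertion_xml)
    found = []
    for restriction in root.iter("{%s}AudienceRestriction" % SAML2_NS):
        audiences = restriction.findall("saml2:Audience", NS)
        found.append([(a.text or "").strip() for a in audiences])
    return found


def audience_ok(assertion_xml, sp_entity_id):
    """True only if sp_entity_id satisfies every AudienceRestriction.

    Per SAML 2.0 core, audiences inside one restriction are alternatives
    (OR), while multiple restrictions must all be satisfied (AND).
    """
    restrictions = audience_restrictions(assertion_xml)
    if not restrictions:
        # Assumed policy for this example: no audience means reject.
        return False
    return all(sp_entity_id in audiences for audiences in restrictions)


if __name__ == "__main__":
    print(audience_restrictions(SAMPLE_ASSERTION))
    print(audience_ok(SAMPLE_ASSERTION, "https://sp.example.com/Shibboleth"))
```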