How to pass Sp entityId from Idp to Shibboleth Sp?

Abdul Waheed waheedtechblog at gmail.com
Mon Dec 14 09:52:00 EST 2015 

Thanks for the reply.

#1: I have some mapping based on Shibboleth entity Id into my database
table, I am able to connect to database using RelationalDatabase
DataConnector but to get value from DB I need entityId.

#2. Here, I want to understand both part:
   I) I can see entityId as Audience but I am not sure how to retrieve it
as SP side.? Could you point me to some link or some references so that I
can retrieve SP entityId as well as Idp entityId ?
 2) I have a idea about Script DataConnector and how to release custom
Attribute but I don't know how to retrieve these value in Script?

Thanks in Advance.


On Mon, Dec 14, 2015 at 7:28 PM, Peter Schober <peter.schober at univie.ac.at>
wrote:

> * Abdul Waheed <waheedtechblog at gmail.com> [2015-12-14 14:31]:
> > I am not sure but is it possible to pass entityId in AuthnStatement to
> > Shibboleth SP? I am already sending uid in response AuthnStatement.
>
> 1. Why do you want this?
>
> 2. The Shib IDP should already put the name (entityID) of the SP into
> the AuthnStatement, as part of the AudienceRestriction element:
>
>     <saml2:AudienceRestriction>
>       <saml2:Audience>https://sp.example.com/Shibboleth</saml2:Audience>
>     </saml2:AudienceRestriction>
>
> > Let me know if this is possible or is there any way to get Shibboleth
> > entityId attribute in IdP attribute-resolver.xml file.
>
> If you want to put the entityID into an attribute it will not be part
> of the AuthnStatement, which is what you asked about above. It would
> then bean the CDATA content of an AttributeValue element as part of
> an AttributeStatement.
>
> Ignoring that, a Script-type attribute definition has accesst to the
> relevant contexts and if you really wanted you could create a custom
> attribute with the entityID value of the current relying party into.
> The specifics depend on the IDP version, among others.
> -peter
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>



-- 
Thanks,
Abdul.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20151214/1e402e4a/attachment.html>

More information about the users mailing list