Shib IdP 3 and IOP online service
Tom Zeller
tzeller at dragonacea.biz
Tue Mar 24 18:53:02 EDT 2015
On Tue, Mar 24, 2015 at 5:00 PM, Maja Wolniewicz <mgw at umk.pl> wrote:
> With turned off the per-attribute consent the consent page with
> eduPersonScopedAffiliation attribute appears but although I accepted it
> this attribute isn’t added to the response. Consent record for this SP in
> the storage doesn’t contain it as well.
> eduPersonScopedAffilation has two encoders attached, one of them is
> net.shibboleth.idp.saml.attribute.encoding.impl.SAML1StringAttributeEncoder.
To push attributes in the SAML 1 browser SSO profile, you would need
to set includeAttributeStatement to "true" in relying-party.xml :
<bean parent="Shibboleth.SSO" p:includeAttributeStatement="true"
p:postAuthenticationFlows="attribute-release" />
The default is to not push attributes, but users are still prompted
for consent (because they can't be prompted during back-channel
attribute query).
Hope this helps.
More information about the users
mailing list