Attribute resolution for private credentials in subject

joller lee joller.lee at gmail.com
Wed Apr 6 20:19:43 EDT 2016


It's been quite a while, but someone reminded me that I hadn't posted my
solution here.
So, here is mine, and any better one is appreciated:

    <resolver:AttributeDefinition id="password" xsi:type="ad:Script">
        <resolver:AttributeEncoder xsi:type="enc:SAML2String"
            name="https://my.host/attributes/password"
            friendlyName="password" encodeType="false" />
        <ad:Script>
          <![CDATA[
            // Fetch the SubjectContext from the profile request context.
            subjectCtx = profileContext.getSubcontext("net.shibboleth.idp.authn.context.SubjectContext");
            subject = subjectCtx.getSubjects()[0];

            // Call getName() on the private credential; its string form is "<elided>".
            password.addValue(subject.getPrivateCredentials().toArray()[0].getName());
          ]]>
        </ad:Script>
    </resolver:AttributeDefinition>


On Fri, Mar 11, 2016 at 9:02 AM, joller lee <joller.lee at gmail.com> wrote:

> Oops, I just took a look at the source code and found the getName() method
> returns the password.
> I guess that is the way.
>
> On Fri, Mar 11, 2016 at 8:43 AM, joller lee <joller.lee at gmail.com> wrote:
>
>> On Thu, Mar 10, 2016 at 10:42 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
>>
>>> > But now I get a Subject, in which I get one PasswordPrincipal as the
>>> > private credential, with the password being "<elided>".
>>> > That is not what I expected.
>>> > Is there anything missing?
>>>
>>> You're converting the object as a string, and that isn't how you would
>>> access the data inside it.
>>
>>
>> Sorry, but I didn't see any accessor to read the password field.
>> What is the correct way to access its value?
>>
>>
>
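
The behaviour discussed in this thread, as an added Java example that is not part of the original message or of the IdP's code: the string form of the credential is elided while getName() returns the value, and a typed lookup with the standard JAAS `Subject.getPrivateCredentials(Class)` does not depend on which credential happens to be first. `DemoPasswordPrincipal` is a hypothetical stand-in modelled only on what the thread reports, and the credential values are constructed.

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

public class PrivateCredentialLookup {

    // Hypothetical stand-in for the IdP's PasswordPrincipal (assumption): getName()
    // returns the password and the string form is elided, as the thread describes.
    static final class DemoPasswordPrincipal implements Principal {
        private final String password;
        DemoPasswordPrincipal(String password) { this.password = password; }
        @Override public String getName() { return password; }
        @Override public String toString() { return "DemoPasswordPrincipal{password=<elided>}"; }
    }

    // Returns the password from the first private credential of the wanted type,
    // or null when the Subject carries no such credential.
    static String passwordOf(Subject subject) {
        Set<DemoPasswordPrincipal> creds =
                subject.getPrivateCredentials(DemoPasswordPrincipal.class);
        return creds.isEmpty() ? null : creds.iterator().next().getName();
    }

    public static void main(String[] args) {
        Subject subject = new Subject();
        // Constructed sample data: an unrelated credential is added first.
        subject.getPrivateCredentials().add(new Object());
        subject.getPrivateCredentials().add(new DemoPasswordPrincipal("constructed-sample-value"));

        // Index-based access returns whatever was stored first, here not the password.
        Object first = subject.getPrivateCredentials().toArray()[0];
        System.out.println("toArray()[0] type : " + first.getClass().getName());

        // Converting a credential to a string only ever shows the elided form.
        for (Object c : subject.getPrivateCredentials()) {
            System.out.println("string form       : " + c);
        }

        // Typed lookup finds the password credential regardless of position.
        System.out.println("typed lookup      : " + passwordOf(subject));
        // A Subject with no password credential yields null instead of an exception.
        System.out.println("empty subject     : " + passwordOf(new Subject()));
    }
}
```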