box.com / IDP 3.x
Andrew Morgan
morgan at orst.edu
Wed Jun 8 14:05:18 EDT 2016
On Wed, 8 Jun 2016, Powell, Alan wrote:
> We are testing box as an InCommon member. I can’t get authentication to
> work even though it appears I am doing the right thing. My preference is
> to make sure it works with IDP 3.x. Can anyone who is using box provide
> any insight, ideally with IDP 3.x? Does anyone see anything wrong with
> what I am doing?
>
> The examples I’ve encountered seem to just indicate you do the typical
> Shib thing of releasing attributes but don’t you need to have the email
> be in the SAML subject in addition? (ie xsi:type="enc:SAML2StringNameID"
> xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
> nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" /> )
Nope, you don't need to release a particular NameID. Box will use
attributes. I'm releasing eduPersonPrincipalName, surname, givenName, and
mail. The NameID that I'm sending is a transient ID. I'm also using the
defaults for encryption or signing (SHA256).
I am using Box's InCommon metadata.
Perhaps the problem lies on the Box side of the configuration?
Andy