box.com / IDP 3.x

Andrew Morgan morgan at orst.edu
Wed Jun 8 14:05:18 EDT 2016


On Wed, 8 Jun 2016, Powell, Alan wrote:

> We are testing box as an InCommon member. I can’t get authentication to 
> work even though it appears I am doing the right thing. My preference is 
> to make sure it works with IDP 3.x. Can anyone who is using box provide 
> any insight, ideally with IDP 3.x?  Does anyone see anything wrong with 
> what I am doing?
>
> The examples I’ve encountered seem to just indicate you do the typical 
> Shib thing of releasing attributes but don’t you need to have the email 
> be in the SAML subject in addition? (i.e. xsi:type="enc:SAML2StringNameID" 
> xmlns="urn:mace:shibboleth:2.0:attribute:encoder" 
> nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" /> )

Nope, you don't need to release a particular NameID.  Box will use 
attributes.  I'm releasing eduPersonPrincipalName, surname, givenName, and 
mail.  The NameID that I'm sending is a transient ID.  I'm also using the 
defaults for encryption or signing (SHA256).

I am using Box's InCommon metadata.

Perhaps the problem lies on the Box side of the configuration?

 	Andy
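
Added example, not part of the original message or of Shibboleth or Box code: a check of what the IdP actually released, run against a decrypted copy of the assertion, covering the four attributes named in the reply and the NameID format. It assumes the attributes are encoded under their standard urn:oid names; the function name and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Standard urn:oid names for the four attributes named in the reply
# (assumption: the IdP encodes them under these names).
WANTED = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:2.5.4.4": "surname",
    "urn:oid:2.5.4.42": "givenName",
    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
}

def check_release(assertion_xml):
    """Return (NameID format, released {name: [values]}, missing names).

    Intended for a locally captured, already decrypted assertion only.
    """
    root = ET.fromstring(assertion_xml)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    fmt = name_id.get("Format") if name_id is not None else None
    released = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        friendly = WANTED.get(attr.get("Name"))
        values = [v.text for v in attr.findall("saml:AttributeValue", NS) if v.text]
        if friendly and values:
            released[friendly] = values
    # An attribute blocked by the filter policy never reaches the assertion.
    missing = sorted(set(WANTED.values()) - set(released))
    return fmt, released, missing

# Constructed sample: transient NameID, with mail not released.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_constructed123</saml:NameID>
 </saml:Subject>
 <saml:AttributeStatement>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"><saml:AttributeValue>jdoe@example.edu</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:2.5.4.4"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:2.5.4.42"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    fmt, released, missing = check_release(SAMPLE)
    print("NameID format:", fmt)
    print("released:", released)
    print("missing:", missing)
```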

