AttributeInMetadata-problem
Jukka Hakosalo
jhakosal at gmail.com
Thu Dec 21 02:24:23 EST 2017
Thank you Tom and Peter! "onlyIfRequired" solved the case.
On Wed, Dec 20, 2017 at 3:32 PM, Tom Poage <tfpoage at ucdavis.edu> wrote:
> I think a default setting changed. Try setting either isRequired="true" in
> the RequestedAttribute element, or onlyIfRequired="false" in the
> PermitValueRule.
>
> Tom.
>
> On Dec 20, 2017, at 5:05 AM, Jukka Hakosalo <jhakosal at gmail.com> wrote:
>
> Thanks Peter but I think the resolver is ok. SP gets "sn" if it's type is
> "ANY", not "attributeInMetadata".
>
> On Wed, Dec 20, 2017 at 2:38 PM, Peter Schober <peter.schober at univie.ac.at
> > wrote:
>
>> * Jukka Hakosalo <jhakosal at gmail.com> [2017-12-20 04:49]:
>> > this example only mail and eppn are released. What's wrong with
>> > AttributeInMetadata? Idp ignores it. Log shows no error.
>> [...]
>> > <AttributeRule attributeID="sn">
>> > <PermitValueRule xsi:type="AttributeInMetadata" />
>> > </AttributeRule>
>> [...]
>> > <md:RequestedAttribute FriendlyName="sn" Name="urn:oid:2.5.4.4"
>> > NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
>>
>
>
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/
> confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20171221/02094303/attachment.html>
More information about the users
mailing list