Anyone using Shibboleth with JAMF?
Mark Cairney
Mark.Cairney at ed.ac.uk
Thu Jun 8 16:11:51 EDT 2017
On 08/06/2017 17:42, Cantor, Scott wrote:
>> Finally my saml-nameid.properties still had these lines commented out:
> That means you didn't upgrade, so it obviously didn't know you wanted the legacy feature on. That's why the instructions are to upgrade.
Actually the recommendations I've seen from the UK Federation (and
possibly other federations) were to do a clean V3 install and then import
your configuration, modernising it where appropriate.
>
>> idp.nameid.saml2.legacyGenerator = shibboleth.LegacySAML2NameIDGenerator
>> idp.nameid.saml1.legacyGenerator = shibboleth.LegacySAML1NameIdentifierGenerator
>>
>> Once I uncommented them it all burst into life. This is slightly
>> confusing as I thought this was the non-legacy approach but hey-ho :)
> The new wiring you added did not start working because you uncommented those. That would make the attribute resolver approach start working. You should be very careful you're not assuming you're relying on something you're not actually using.
Not sure what happened there as the docs + comments both suggest this
but it looked like it wasn't behaving like that (which is why I thought
it worth mentioning). However I've stripped out the legacy nameid
attribute completely (not just commented it out) and restarted Tomcat
with the legacy properties commented out and it's now working as expected.
Again the 1st rule of making changes like this is to only change one
thing at a time and I thought I'd done this but obviously not so I stand
corrected.
>
> -- Scott
>
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
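
Added example, not part of the original message and not Shibboleth project code: a small check that reports whether the two legacy generator properties named in the thread are active, commented out, absent, or left with an empty value because the bean id slipped onto the next line (as can happen when pasting from a wrapped e-mail). The status labels and the sample file content are constructed for illustration.

```python
import re

# Property names and bean ids exactly as quoted in the thread.
LEGACY_KEYS = {
    "idp.nameid.saml2.legacyGenerator": "shibboleth.LegacySAML2NameIDGenerator",
    "idp.nameid.saml1.legacyGenerator": "shibboleth.LegacySAML1NameIdentifierGenerator",
}
# Simplified Java-properties split: key, optional '=' or ':', value.
KV = re.compile(r"([^=:\s]+)\s*[=:]?\s*(.*)")

def logical_lines(text):
    """Yield (is_comment, line), joining backslash continuations."""
    buf = ""
    for raw in text.splitlines():
        line = raw.lstrip()
        if not buf and (not line or line[0] in "#!"):
            if line:
                yield True, line.lstrip("#! \t")
            continue
        # An odd number of trailing backslashes continues the line.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            buf += line[:-1]
            continue
        yield False, buf + line
        buf = ""
    if buf:
        yield False, buf

def legacy_nameid_status(text):
    """Map each legacy property to absent/commented/empty/active/other."""
    status = {k: "absent" for k in LEGACY_KEYS}
    for is_comment, line in logical_lines(text):
        m = KV.match(line)
        if not m or m.group(1) not in LEGACY_KEYS:
            continue
        key, value = m.group(1), m.group(2).strip()
        if is_comment:
            if status[key] == "absent":
                status[key] = "commented"
        elif value == LEGACY_KEYS[key]:
            status[key] = "active"
        else:
            status[key] = "empty" if not value else "other:" + value
    return status

# Constructed sample, not a real saml-nameid.properties.
SAMPLE = """\
#idp.nameid.saml2.legacyGenerator = shibboleth.LegacySAML2NameIDGenerator
idp.nameid.saml1.legacyGenerator =
shibboleth.LegacySAML1NameIdentifierGenerator
"""

if __name__ == "__main__":
    for key, state in legacy_nameid_status(SAMPLE).items():
        print(f"{key}: {state}")
```

Running it against the deployed file before and after each single change makes it easier to confirm which NameID path is actually configured.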