Activation condition for multiple SPs

Lalith Jayaweera ljayaweera at gmail.com
Thu May 18 02:54:49 EDT 2017


Did some troubleshooting and It appears the issue is only in
the saml-nameid.xml, relying party xml syntax looks ok with multiple SPs

I then remove multiple SPs( purely to troubleshoot the issue with the
syntax) in saml-nameid.xml and tried below , please see the result

Below does not work

<bean parent="shibboleth.SAML2AttributeSourcedGenerator"

    p:format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"

    p:attributeSourceIds="#{ {'uid'} }">

    <property name="activationCondition">

        <bean parent="shibboleth.Conditions.RelyingPartyId"
c:candidates="#{{'https://sample.x.om'}}" />

    </property>

</bean>


but below works with c:candidate


<bean parent="shibboleth.SAML2AttributeSourcedGenerator"

    p:format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"

    p:attributeSourceIds="#{ {'uid'} }">

    <property name="activationCondition">

        <bean parent="shibboleth.Conditions.RelyingPartyId" c:candidate="
https://sample.x.om" />

    </property>

</bean>




Could this be do to with IdP version etc ?

On another note, Yes, do agree about the unspecified format, but here the
doubt is more about syntax and handling multiple SPs easily instead
declaring again and again.

Thanks





On Thu, May 18, 2017 at 12:00 AM, Cantor, Scott <cantor.2 at osu.edu> wrote:

> On 5/17/17, 2:03 AM, "users on behalf of Lalith Jayaweera" <
> users-bounces at shibboleth.net on behalf of ljayaweera at gmail.com> wrote:
>
> > However given we got multple SPs with same nameID requirements, I coded
> an activation condition with c:candidates in In saml
> > -nameid.xml and listed the SPs, this does not work
>
> Well, it does work, so I imagine you misentered something.
>
> > Do I have to define anything else.
>
> No. But there is almost certainly no reason to be using that NameID Format
> anyway.
>
> -- Scott
>
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20170518/ba460c5d/attachment.html>


More information about the users mailing list