Need help in shibboleth configuration
Peter Schober
peter.schober at univie.ac.at
Tue May 23 10:59:46 EDT 2017
* bhupendra.a.singh at accenture.com <bhupendra.a.singh at accenture.com> [2017-05-23 16:46]:
> I have done the changes as mentioned below but still not getting the
> REMOTE_USER value in response.
Did you consult the appropriate documentation?
> <Attribute
> Name="https://federation-sts/schemas/claims/1/enterpriseid"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><AttributeValue>Enterprise
> ID </AttributeValue></Attribute>
The "Name" of the attribute from the SAML Assertion is what needs to
go in to the Attribute/@name in the Shib SP's attribute-map.xml.
(Hence the, well, name.)
> <Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" id="enterprise_id">
> <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
> </Attribute>
You can't just change the "id" of an arbitrary existing entry in the
distributed attribute-map.xml. Instead create a new entry (ideally
after reading the documentation) and provide the details for *your*
attribute name:
The "name" in your attribute-map.xml bares no resemblence at all to
the Attribute "Name" from the SAML Assertion. How should the software
know that it should look for an attribute named
"https://federation-sts/schemas/claims/1/enterpriseid" when you
configiure its name to be "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"?
-peter
More information about the users
mailing list