SP: extract LHS of scoped value
Scott Koranda
skoranda at gmail.com
Sun Feb 25 15:34:58 EST 2018
> My Google-fu is failing me. Is it possible in the SP to extract/use
> the LHS/local part of a scoped value e.g. ePPN so it's available to
> mapped into REMOTE_USER?
>
> I (believe I) understand ApplicationDefaults (cf. REMOTE_USER), and
> have (re)read NativeSPAttributeDecoder and kin--even a small amount of
> the SP source--but am just not finding/getting it.
>
> We have a new SP installed with specific requirements for a *NIX-like
> loginid (no '@' etc). I'm trying to be lazy and avoid wiring up a
> one-off attribute in the IdP to meet this SP's requirements (and our
> 'uid' is multi-valued, so not so good as an identifier).
Consider the Transform AttributeResolver as detailed at
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAttributeResolver
Note this detail: "A dest attribute, if present, specifies the ID of a
new attribute to create that will contain the transformed values. If not
present, the transformed values replace the original attribute's values
"in-place", if and only if the original attribute was a "simple"
string-valued attribute. Other attribute types with more complex values
cannot be transformed in-place."
You may have to create a "dest" attribute because the incoming ePPN (being
scoped) is probably not considered by the module as a "simple"
string-valued attribute, and then configure that attribute to be the
value used for REMOTE_USER.
Scott K
More information about the users
mailing list