Missing Attributes

Kozlek, Vincent vkozlek at bloomu.edu
Tue Mar 6 15:43:16 EST 2018 

In my experience, if an attribute value is blank or null, it will not show as being sent, so I think you answered your own question since I think you said the source value is not populated in AD.

From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Robert Lamothe
Sent: Tuesday, March 6, 2018 3:23 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Missing Attributes

Ok, thanks, but do you have any idea why some users get eduPersonPrimaryAffiliation and some don't?

Thanks
-Bob

--
Bob Lamothe
robert_lamothe at yahoo.com<mailto:robert_lamothe at yahoo.com>
KB1BOB
603-918-6336

On Tuesday, March 6, 2018 3:19 PM, "Boyd, Todd M." <tmboyd1 at ccis.edu<mailto:tmboyd1 at ccis.edu>> wrote:

You can set the NameID generation on a per-SP basis without needing separate installations of Shibboleth IdP. We have to do this for a few of our service providers that require things like email instead of a transient value.

________________________________

From: users <users-bounces at shibboleth.net<mailto:users-bounces at shibboleth.net>> on behalf of Robert Lamothe <robert_lamothe at yahoo.com<mailto:robert_lamothe at yahoo.com>>
Sent: Tuesday, March 6, 2018 2:13:19 PM
To: Shib Users
Subject: Missing Attributes

Hello Shib Users,

    I have a curious situation.

    I have an SP that our users use and I've noticed that not all users get the same attributes sent.  For example, when I login I get the following attributes:

  "name": "eduPersonPrimaryAffiliation",

    "name": "mail",

    "name": "displayName",

    "name": "surname",

    "name": "givenName",

    "name": "eduPersonPrincipalName",

    Another user gets the following:

    "name": "mail",

    "name": "displayName",

    "name": "surname",

    "name": "givenName",

    "name": "eduPersonPrincipalName",

    As you can see "eduPersonPrimaryAffiliation" is missing on this second user.

    So, my questions are:

    1) Is this more likely an AD issue or a Shibboleth issue?
    2) If an attributed isn't populated in AD will it not be visible in Shibboleth

    I have two shibboleth clusters because 1 of our SPs needs the NameID property to deliver email, and the second cluster has NameID set to transient which is required by other SPs.  I see the same behavior on both clusters so either I made the same mistake on both clusters or AD is somehow behind it.

Thanks in Advance
-Bob

--
Bob Lamothe
robert_lamothe at yahoo.com<mailto:robert_lamothe at yahoo.com>
KB1BOB
603-918-6336


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg<https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.shibboleth.net_confluence_x_coFAAg&d=DwMFaQ&c=HS1CjnFyfzCL6mp0nkGYYw&r=fcOQXz172F3_F6VsMvwQJrlyp8lrJiXC6od3a6A_UtM&m=ISNNCHkse7SSXb1tnIh3GO54ZqwArtcC_ssHWJkF3Rc&s=45B19HCTjHB4WJ1v9tO-gvgyzLtCMi-yyyjGdLEiav4&e=>
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180306/083529db/attachment.html>

More information about the users mailing list