Missing Attributes

Robert Lamothe robert_lamothe at yahoo.com
Tue Mar 6 15:56:44 EST 2018 

Thank you.  That's what I thought, but I'm a Unix guy and don't have much experience with AD.  You've confirmed it for me.
Cheers-Bob
 --
Bob Lamothe
robert_lamothe at yahoo.com
KB1BOB
603-918-6336

 

    On Tuesday, March 6, 2018 3:43 PM, "Kozlek, Vincent" <vkozlek at bloomu.edu> wrote:
 

 #yiv6413110491 #yiv6413110491 -- _filtered #yiv6413110491 {font-family:Helvetica;panose-1:2 11 6 4 2 2 2 2 2 4;} _filtered #yiv6413110491 {panose-1:2 4 5 3 5 4 6 3 2 4;} _filtered #yiv6413110491 {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;}#yiv6413110491 #yiv6413110491 p.yiv6413110491MsoNormal, #yiv6413110491 li.yiv6413110491MsoNormal, #yiv6413110491 div.yiv6413110491MsoNormal {margin:0in;margin-bottom:.0001pt;font-size:12.0pt;}#yiv6413110491 a:link, #yiv6413110491 span.yiv6413110491MsoHyperlink {color:blue;text-decoration:underline;}#yiv6413110491 a:visited, #yiv6413110491 span.yiv6413110491MsoHyperlinkFollowed {color:purple;text-decoration:underline;}#yiv6413110491 p.yiv6413110491msonormal0, #yiv6413110491 li.yiv6413110491msonormal0, #yiv6413110491 div.yiv6413110491msonormal0 {margin-right:0in;margin-left:0in;font-size:12.0pt;}#yiv6413110491 span.yiv6413110491EmailStyle18 {color:#1F497D;}#yiv6413110491 .yiv6413110491MsoChpDefault {font-size:10.0pt;} _filtered #yiv6413110491 {margin:1.0in 1.0in 1.0in 1.0in;}#yiv6413110491 div.yiv6413110491WordSection1 {}#yiv6413110491 In my experience, if an attribute value is blank or null, it will not show as being sent, so I think you answered your own question since I think you said the source value is not populated in AD.    From: users [mailto:users-bounces at shibboleth.net]On Behalf Of Robert Lamothe
Sent: Tuesday, March 6, 2018 3:23 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Missing Attributes    Ok, thanks, but do you have any idea why some users get eduPersonPrimaryAffiliation and some don't?    Thanks -Bob   --
Bob Lamothe
robert_lamothe at yahoo.com
KB1BOB
603-918-6336    On Tuesday, March 6, 2018 3:19 PM, "Boyd, Todd M." <tmboyd1 at ccis.edu> wrote:    You can set the NameID generation on a per-SP basis without needing separate installations of Shibboleth IdP. We have to do this for a few of our service providers that require things like email instead of a transient value.

________________________________ 
From: users <users-bounces at shibboleth.net> on behalf of Robert Lamothe <robert_lamothe at yahoo.com>
Sent: Tuesday, March 6, 2018 2:13:19 PM
To: Shib Users
Subject: Missing Attributes

Hello Shib Users,

    I have a curious situation.

    I have an SP that our users use and I've noticed that not all users get the same attributes sent.  For example, when I login I get the following attributes:

  "name": "eduPersonPrimaryAffiliation",

    "name": "mail",

    "name": "displayName",

    "name": "surname",

    "name": "givenName",

    "name": "eduPersonPrincipalName",

    Another user gets the following:

    "name": "mail",

    "name": "displayName",

    "name": "surname",

    "name": "givenName",

    "name": "eduPersonPrincipalName",

    As you can see "eduPersonPrimaryAffiliation" is missing on this second user.

    So, my questions are:

    1) Is this more likely an AD issue or a Shibboleth issue?
    2) If an attributed isn't populated in AD will it not be visible in Shibboleth

    I have two shibboleth clusters because 1 of our SPs needs the NameID property to deliver email, and the second cluster has NameID set to transient which is required by other SPs.  I see the same behavior on both clusters so either I made the same mistake on both clusters or AD is somehow behind it.

Thanks in Advance
-Bob

--
Bob Lamothe
robert_lamothe at yahoo.com
KB1BOB
603-918-6336 

-- 
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net       -- 
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180306/c815372c/attachment.html>

More information about the users mailing list