How to send attributes when using MFA
Noriyuki TAKEI
ntakei at sios.com
Wed Mar 27 23:40:14 EDT 2019
Hi, all.
I use MFA, which consists of two flows (x509 and ExternalAuthnConfiguration).
I defined mfa-auth-config.xml to make the following flow possible, and it
worked properly.
(1) At first, a user is authenticated with the x509 flow. In this case, the Common
Name of the client certificate is “ntakei”.
(2) Next, a user is authenticated with ExternalAuthnConfiguration. In this
case, the principal is defined by the following code.
req.setAttribute(ExternalAuthentication.PRINCIPAL_NAME_KEY, userName);
(It is assumed that the value "test" is set to the variable "userName")
In addition, the LDAP filter to search attributes was defined as below in
ldap.properties.
idp.attribute.resolver.LDAP.searchFilter = (uid=$resolutionContext.principal)
I’d like to send the attributes searched by the LDAP filter “uid=test”, defined as
the principal in ExternalAuthnConfiguration.
However, it seemed that the attributes searched by the LDAP filter “uid=ntakei”,
defined as the CommonName of the client certificate in ExternalAuthnConfiguration,
were sent.
Do you have any solutions?