Shibcas external authentication attributes
Cantor, Scott
cantor.2 at osu.edu
Wed May 1 09:52:34 EDT 2019
On 5/1/19, 12:22 AM, "users on behalf of jramsay at binghamton.edu" <users-bounces at shibboleth.net on behalf of jramsay at binghamton.edu> wrote:
> I am wondering if it is possible to use any of the attributes returned by
> the Shibcas servlet post login by the Shibboleth IdP (3.4.3).
The current (V3) mechanism for passing data in from an External authentication servlet is by stuffing each datum into an IdPAttribute object wrapped in an IdPAttributePrincipal object and then attaching those principals to the Subject established by the servlet's use of the ExternalAuthentication API. If it's changed to do that, then it's possible, if not, it's not.
> So far, I looked at the items under the IDP_HOME/conf/c14n directory which
> seemed to deal with the subject/principal which I don't intend to change so,
> I'm a bit lost.
There are two use cases for c14n:
- establishing a canonical principal name string as the result of authentication
- decoding a SAML NameID in a SAML request back into a canonical principal name
Your question has nothing to do with either of those.
-- Scott
More information about the users
mailing list