Scripted Attributes in Shib 3.4.0

Jason Rotunno jrotunno at
Fri May 10 10:48:20 EDT 2019

Hi All,

We run Shibboleth IdP 3.3.1 but I'm currently testing out the InCommon
Shibboleth Docker image at
Looks like it's not the most recent version, but it's the version
referenced at

We have a few scripted attributes in our 3.3.1 instance but I'm unable to
get a scripted attribute released in 3.4.0_181002. This is the attribute
definition in my attribute-resolver.xml:

    <AttributeDefinition xsi:type="ScriptedAttribute"
        <AttributeEncoder xsi:type="SAML1String"
name="urn:mace:dir:attribute-def:eduPersonAffiliation" />
        <AttributeEncoder xsi:type="SAML2String"
name="urn:oid:" friendlyName="eduPersonAffiliation"

            var BasicAttribute =
            eduPersonAffiliation = new


And this is what I have in attribute-filter.xml:

    <AttributeFilterPolicy id="whatever">
        <PolicyRequirementRule xsi:type="ANY"/>

       [ ...other attributes ommitted... ]

        <AttributeRule attributeID="eduPersonAffiliation">
            <PermitValueRule xsi:type="ANY"/>


When I browse to
I get other attributes returned with correct values (commonName, email,
etc) but no eduPersonAffiliation attribute is returned.

I imagine I'm missing something simple. Any suggestions?



Jason Rotunno
System & Security Administrator
Swarthmore College
500 College Ave
Swarthmore, PA 19081

Think BEFORE You Click!! Emails from Swarthmore College ITS won't be in your
Quarantine or Spam folder. We won't threaten you either! If you
receive any phishing emails, please forward them to phishing at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list