Scripted Attributes in Shib 3.4.0

Jason Rotunno jrotunno at swarthmore.edu
Fri May 10 10:48:20 EDT 2019


Hi All,

We run Shibboleth IdP 3.3.1 but I'm currently testing out the InCommon
Shibboleth Docker image at
https://github.internet2.edu/docker/shib-idp/archive/3.4.0_181002.zip.
Looks like it's not the most recent version, but it's the version
referenced at
https://spaces.at.internet2.edu/display/ShibInstallFest/InCommon+Shibboleth+IdP+Training+-+Linux+Installation
.

We have a few scripted attributes in our 3.3.1 instance but I'm unable to
get a scripted attribute released in 3.4.0_181002. This is the attribute
definition in my attribute-resolver.xml:

    <AttributeDefinition xsi:type="ScriptedAttribute"
id="eduPersonAffiliation">
        <AttributeEncoder xsi:type="SAML1String"
name="urn:mace:dir:attribute-def:eduPersonAffiliation" />
        <AttributeEncoder xsi:type="SAML2String"
name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" friendlyName="eduPersonAffiliation"
/>

        <Script><![CDATA[
            var BasicAttribute =
Java.type("edu.internet2.middleware.shibboleth.common.attribute.provider.BasicAttribute");
            eduPersonAffiliation = new
BasicAttribute("eduPersonAffiliation");
            eduPersonAffiliation.getValues().add("test");
        ]]></Script>


    </AttributeDefinition>

And this is what I have in attribute-filter.xml:

    <AttributeFilterPolicy id="whatever">
        <PolicyRequirementRule xsi:type="ANY"/>

       [ ...other attributes ommitted... ]

        <AttributeRule attributeID="eduPersonAffiliation">
            <PermitValueRule xsi:type="ANY"/>
        </AttributeRule>

    </AttributeFilterPolicy>


When I browse to
https://ourhost/idp/profile/admin/resolvertest?requester=anything&principal=myusername
I get other attributes returned with correct values (commonName, email,
etc) but no eduPersonAffiliation attribute is returned.

I imagine I'm missing something simple. Any suggestions?

Thanks,
Jason


-- 

Jason Rotunno
System & Security Administrator
Swarthmore College
500 College Ave
Swarthmore, PA 19081
610.328.8505

Think BEFORE You Click!! Emails from Swarthmore College ITS won't be in your
Quarantine or Spam folder. We won't threaten you either! If you
receive any phishing emails, please forward them to phishing at swarthmore.edu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190510/8be954fb/attachment.html>


More information about the users mailing list