Release one or the other attribute

sherrera sherrera at bradley.edu
Tue Nov 5 17:13:02 EST 2019


You are absolutely correct. It is the same kind of data, just a different
format. Basically this is what we are needing to resolve. We have an SP that
if you are staff is listening for email of @bradley.edu
(sherrera at bradley.edu) and if you are a student listening for
@mail.bradley.edu (sherrera at mail.bradley.edu). A person here is only in one
or the other, never both. The email attribute in LDAP for staff has
@fsmail.bradley.edu (sherrera at fsmail.bradley.edu) and for students it is
correct with @mail.bradley.edu. As a staff person the attribute with the
correct information is held in eduPersonPrincipalName. This config setup
looks to be working. Is there a better way I should do this? Thank you for
suggesting the dual dependency. I didn't know we could do that. And I
release only one attribute in the attribute-filter.xml.



In my attribute-resolver.xml.



Is this what you meant by single attribute pulling both in as a dependency?



    <AttributeDefinition xsi:type="Simple" id="crowdStrikeEmail">
        <InputDataConnector ref="crowdStrikeStaffAccess"
            attributeNames="eduPersonPrincipalName"/>
        <AttributeEncoder xsi:type="SAML2String"
            name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
            friendlyName="eduPersonPrincipalName" />
        <InputDataConnector ref="crowdStrikeStudentAccess"
            attributeNames="mail"/>
        <AttributeEncoder xsi:type="SAML2String"
            name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" />
    </AttributeDefinition>

    <DataConnector id="crowdStrikeStaffAccess" xsi:type="LDAPDirectory"
        ldapURL="ldaps://REDACTED.Bradley.edu"
        baseDN="dc=EXAMPLE,dc=com"
        principal="uid=USER,dc=EXAMPLE,dc=com"
        principalCredential="REDACTED"
        trustFile="/ldap-server.crt">
        <FilterTemplate>

        </FilterTemplate>
    </DataConnector>

    <DataConnector id="crowdStrikeStudentAccess" xsi:type="LDAPDirectory"
        ldapURL="ldaps://REDACTED.Bradley.edu"
        baseDN="dc=EXAMPLE,dc=com"
        principal="uid=USER,dc=EXAMPLE,dc=com"
        principalCredential="REDACTED"
        trustFile="/ldap-server.crt">
        <FilterTemplate>

        </FilterTemplate>
    </DataConnector>



--
Sent from: https://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
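
Added example, not part of the original post and not Shibboleth code: a small review script for a resolver fragment like the one above. It lists which connector attributes feed each definition, which SAML names its encoders declare, and, assuming a Simple definition carries the combined values of all its inputs, what a user found by both connectors would be sent. The function names and the trimmed sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's definition, with connector settings trimmed away.
SAMPLE = """<AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeDefinition xsi:type="Simple" id="crowdStrikeEmail">
    <InputDataConnector ref="crowdStrikeStaffAccess" attributeNames="eduPersonPrincipalName"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"/>
    <InputDataConnector ref="crowdStrikeStudentAccess" attributeNames="mail"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3"/>
  </AttributeDefinition>
  <DataConnector id="crowdStrikeStaffAccess" xsi:type="LDAPDirectory"/>
  <DataConnector id="crowdStrikeStudentAccess" xsi:type="LDAPDirectory"/>
</AttributeResolver>"""

def local(el):
    """Element name without its XML namespace."""
    return el.tag.rsplit("}", 1)[-1]

def review(xml_text):
    """Return {definition id: {"inputs", "wire_names", "missing"}}."""
    root = ET.fromstring(xml_text)
    connectors = {e.get("id") for e in root.iter() if local(e) == "DataConnector"}
    report = {}
    for d in (e for e in root.iter() if local(e) == "AttributeDefinition"):
        inputs = [(c.get("ref"), n) for c in d if local(c) == "InputDataConnector"
                  for n in c.get("attributeNames", "").split()]
        names = [c.get("name") for c in d if local(c) == "AttributeEncoder"]
        missing = sorted({r for r, _ in inputs} - connectors)  # refs with no connector
        report[d.get("id")] = {"inputs": inputs, "wire_names": names, "missing": missing}
    return report

def merged_values(inputs, results):
    """Combined values for one user, given per-connector lookup results shaped as
    {connector id: {attribute name: [values]}} (assumed merge behaviour)."""
    out = []
    for ref, name in inputs:
        for v in results.get(ref, {}).get(name, []):
            if v not in out:
                out.append(v)
    return out

if __name__ == "__main__":
    for attr_id, r in review(SAMPLE).items():
        print(attr_id, r["inputs"], r["wire_names"], "missing:", r["missing"])
```

More than one value from `merged_values` for a single user means the "only in one or the other" assumption does not hold for that account.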

