SPv3: Catch-all / wildcard attribute mapping?

Jesse Banning jbanning at oreilly.com
Thu Apr 30 12:14:29 EDT 2020


I would like to configure our Shibboleth SP (v3.0.4 currently) to extract
all attributes from an assertion including those which we don't explicitly
map. The use case is that some identity providers release nonstandard
attributes and mapping each one on our production SP causes delays in
customer onboardings.

I wasn't able to find an answer in the SPv3 documentation or by searching
mailing list archives or the web. I'm considering an external program to
monitor the shibd logs and automatically create new mappings when "skipping
unmapped SAML 2.0 Attribute" is logged. My intent would be to use the
attribute name & nameformat from the assertion to make an identifier for
each of these.

Is there a way to do this using SP configuration rather than writing
something to react to log entries?

Thanks in advance,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200430/19d4f90b/attachment.html>

More information about the users mailing list