IDP proxy - attribute
jebailie at vassar.edu
Wed Aug 12 12:04:39 UTC 2020
#'s 3 and 4, I think we're good to go.
1 and 2, not so much...
I see this in the idp-process.log:
2020-08-12 07:53:45,847 - x.x.x.x - INFO
- Profile Action ValidateSAMLAuthentication: No transcoding rule for
So we know that it is being 'exported' out of the proxy. This is true
because I can turn it 'off' on the proxy end and this message does not
present itself in the log.
This is what we have in attribute-filter.xml:
<PolicyRequirementRule xsi:type="Issuer" value="
<PermitValueRule xsi:type="ANY" />
1) What should the "value" of the issuer be? When the xsi:type is
"Requester", it is www.example.com/sp or some such related to the SP.
2) It's not clear how to 'map' the incoming attribute to a Transcoding rule.
On Tue, Aug 11, 2020 at 3:34 PM Cantor, Scott <cantor.2 at osu.edu> wrote:
> On 8/11/20, 3:12 PM, "users on behalf of Jerry Bailie" <
> users-bounces at shibboleth.net on behalf of jebailie at vassar.edu> wrote:
> > The question is how to obtain that attribute
> > (eduPersonScopedAffiliation) from OneLogin?
> Attribute Extraction and Filtering
> Attribute Resolution
> 1. Make sure the Attribute Registry transcoding rules map the necessary
> SAML Attribute(s) into their internal IDs.
> 2. Add filter rules as required to accept those attribute IDs from the
> 3. Add a Subject data connector to export the attribute(s) back out of the
> 4. Add filter rules as required to release the attribute IDs to the SP.
> That's generally all it takes unless the use case is more complex.
> (3) automates all the complex parts that are happening under the covers.
> -- Scott
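An added example, not from the thread or the Shibboleth project: a Python check that reads an attribute-filter.xml and reports which attribute IDs each Issuer policy accepts inbound (step 2) and which IDs released to an SP (step 4) have no inbound Issuer rule. The sample filter is constructed, both entityIDs are placeholders, and it assumes the Issuer rule's value is the upstream IdP's entityID.

```python
import xml.etree.ElementTree as ET

AFP = "{urn:mace:shibboleth:2.0:afp}"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample filter; both entityIDs are placeholders, not values from the thread.
SAMPLE_FILTER = """<AttributeFilterPolicyGroup id="ProxyPolicy"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeFilterPolicy id="acceptFromUpstream">
    <PolicyRequirementRule xsi:type="Issuer" value="https://upstream-idp.example.org/saml"/>
    <AttributeRule attributeID="eduPersonScopedAffiliation">
      <PermitValueRule xsi:type="ANY"/>
    </AttributeRule>
  </AttributeFilterPolicy>
  <AttributeFilterPolicy id="releaseToSP">
    <PolicyRequirementRule xsi:type="Requester" value="https://www.example.com/sp"/>
    <AttributeRule attributeID="eduPersonScopedAffiliation">
      <PermitValueRule xsi:type="ANY"/>
    </AttributeRule>
    <AttributeRule attributeID="mail">
      <PermitValueRule xsi:type="ANY"/>
    </AttributeRule>
  </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>"""

def permitted_ids(filter_xml, rule_type):
    """Map each policy's rule value (an entityID) to the attribute IDs it permits."""
    result = {}
    for policy in ET.fromstring(filter_xml).iter(AFP + "AttributeFilterPolicy"):
        req = policy.find(AFP + "PolicyRequirementRule")
        if req is None or req.get(XSI_TYPE) != rule_type:
            continue
        ids = {r.get("attributeID") for r in policy.iter(AFP + "AttributeRule")
               if r.find(AFP + "PermitValueRule") is not None}
        result.setdefault(req.get("value"), set()).update(ids)
    return result

def released_without_inbound_rule(filter_xml):
    """Attribute IDs released to some SP that no Issuer policy accepts inbound."""
    accepted = set().union(*permitted_ids(filter_xml, "Issuer").values())
    released = set().union(*permitted_ids(filter_xml, "Requester").values())
    return released - accepted

if __name__ == "__main__":
    print(permitted_ids(SAMPLE_FILTER, "Issuer"))
    print(released_without_inbound_rule(SAMPLE_FILTER))
```

An ID flagged by `released_without_inbound_rule` is not necessarily an error: it has to be populated by a local source, because nothing from the upstream IdP will pass the inbound filter under that ID.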