IDP proxy - attribute

Jerry Bailie jebailie at
Wed Aug 12 12:04:39 UTC 2020

#'s 3 and 4, I think we're good to go.

1 and 2, not so much...

I see this in the idp-process.log:

2020-08-12 07:53:45,847 - x.x.x.x - INFO
- Profile Action ValidateSAMLAuthentication: No transcoding rule for
Attribute 'eduPersonScopedAffiliation'

So we know that it is being 'exported' out of the proxy.  This is true
because I can turn it 'off' on the proxy end and this message does not
present itself in the log.

This is what we have in  attribute-filter.xml :

       <AttributeFilterPolicy id="proxy">
           <PolicyRequirementRule xsi:type="Issuer" value="" />
           <AttributeRule attributeID="eduPersonScopedAffiliation">
               <PermitValueRule xsi:type="ANY" />

1) What should the "value" of the issuer be?  When the xsi:type is
"Requester", it is or some such related to the SP.
2) It's not clear how to 'map' the incoming attribute to a Transcoding rule.

- Jerry

On Tue, Aug 11, 2020 at 3:34 PM Cantor, Scott <cantor.2 at> wrote:

> On 8/11/20, 3:12 PM, "users on behalf of Jerry Bailie" <
> users-bounces at on behalf of jebailie at> wrote:
> >    The question is, is how to obtain that attribute
> (eduPersonScopedAffiliation) from Onelogin ?
> Attribute Extraction and Filtering
> Attribute Resolution
> i.e.
> 1. Make sure the Attribute Registry transcoding rules map the necessary
> SAML Attribute(s) into their internal IDs.
> 2. Add filter rules as required to accept those attribute IDs from the
> "issuer".
> 3. Add a Subject data connector to export the attribute(s) back out of the
> resolver.
> 4. Add filter rules as required to release the attribute IDs to the SP.
> That's generally all it takes unless the use case is more complex.
> (3) automates all the complex parts that are happening under the covers.
> -- Scott
> --
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list