IDP proxy - attribute
Cantor, Scott
cantor.2 at osu.edu
Wed Aug 12 23:08:28 UTC 2020
> So we know that it is being 'exported' out of the proxy.
No, some bogus, made-up SAML Attribute that is *not* defined by eduPerson is being exported. eduPerson attributes in SAML 2 have names derived from OIDs in the form of URNs. The defined mapping rules are correct out of the box. Passing data that is not correct will not be processed, and the message reflects that.
> 1) What should the "value" of the issuer be?
The entityID of the IdP you're proxying to is the issuer for a rule that handles acceptance, it's just the inverse of a release rule.
> 2) It's not clear how to 'map' the incoming attribute to a Transcoding rule.
I wouldn't in this particular case, but the documentation on creating custom rules is in the wiki.
https://wiki.shibboleth.net/confluence/display/IDP4/AttributeRegistryConfiguration
-- Scott
More information about the users
mailing list