Reading groups membership in Shibboleth 4.0.1
Brent Putman
putmanb at georgetown.edu
Tue Dec 1 22:50:09 UTC 2020
On 12/1/20 11:29 AM, Feinstein, Moses wrote:
>
> I believe this was replaced with exportAttributes in 4.0.1, however I
> add try to add returnAttribute previously as well, got a deprecated
> warning, but no error, however operational attributes did not come in.
>
> exportAttributes="%{idp.attribute.resolver.LDAP.returnAttributes}">
>
> <returneAttribtues> mail displayName sn givenName uid cn isMemberOf
> createTimestamp</returnAttributes>
>
If that's literally what you have in your config, it's not correct and
wouldn't be expected to work. XML element and attribute names are
case-sensitive and the element is "<ReturnAttributes>". Also, the
opening element tag is misspelled with an "e" in there in the middle,
so that's not even well-formed XML. I'm surprised it would even load.
https://wiki.shibboleth.net/confluence/display/IDP4/ReturnAttributes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20201201/8ff56f79/attachment.htm>
More information about the users
mailing list