shibboleth Idp attributes with vendor SP using Samly
Peter Schober
peter.schober at univie.ac.at
Fri Jul 10 11:04:49 UTC 2020
* Peter Schober <peter.schober at univie.ac.at> [2020-07-10 12:57]:
> * Jehan PROCACCIA <jehan.procaccia at tem-tsp.eu> [2020-07-09 19:19]:
> > SSO SAML exchanges do seem to work fine, but although my
> > shibboleth IDP (v3.3.1, trying also 4.0.1 ...) does send attributes
> > (mail required) to that SP, the SP doesn't seem to read/consume
> > them.
>
> What exact attribute name and nameformat does the SP expect?
> Probably that's simply something else than what your IDP is sending?
Try section "Customization" in the docs you referenced
https://hexdocs.pm/samly/readme.html#customization
adding a "Plug Pipeline" (whatever that is) that maps the on-the-wire
formal attribute names your IDP is sending to application-internal
attribute names.
E.g. where in the example code within compute_attributes() it does:

    assertion = conn.private[:samly_assertion]
    first_name = Map.get(assertion.attributes, "first_name")
    last_name = Map.get(assertion.attributes, "last_name")

you should probably have (sticking with the example of first and last name):

    assertion = conn.private[:samly_assertion]
    first_name = Map.get(assertion.attributes, "urn:oid:2.5.4.42")
    last_name = Map.get(assertion.attributes, "urn:oid:2.5.4.4")

To get at the mail attribute you'd have to look for the appropriate
formal name of the mail attribute your IDP is sending, of course.
Best,
-peter
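
Added example, not part of the original message or of Samly's documentation: a Plug pipeline that maps on-the-wire attribute names to application-internal ones and refuses to continue when a required attribute is absent. The module name, the internal keys and the mail OID (the usual inetOrgPerson one) are assumptions; check the mail name against what your IdP actually releases.

```elixir
defmodule MyApp.SamlAttributePipeline do
  # Hypothetical module; depends on the :plug and :samly packages.
  use Plug.Builder
  alias Samly.Assertion

  # On-the-wire name sent by the IdP => application-internal name.
  # The first two names come from the message above. The mail OID is an
  # assumption about what the IdP releases.
  @attribute_map %{
    "urn:oid:2.5.4.42" => "first_name",
    "urn:oid:2.5.4.4" => "last_name",
    "urn:oid:0.9.2342.19200300.100.1.3" => "mail"
  }
  @required ["mail"]

  plug :compute_attributes

  def compute_attributes(conn, _opts) do
    assertion = conn.private[:samly_assertion]
    computed = map_attributes(assertion.attributes)

    case Enum.reject(@required, &Map.has_key?(computed, &1)) do
      [] ->
        put_private(conn, :samly_assertion, %Assertion{assertion | computed: computed})

      _missing ->
        # Fail closed: stop the pipeline instead of continuing with a
        # user record that lacks a required attribute.
        conn |> send_resp(403, "required attribute not released") |> halt()
    end
  end

  # Pure helper: keeps only mapped attributes. List.wrap/1 covers both a
  # single string and a list of values (assumed shape for multi-valued
  # attributes); the first non-empty string wins.
  def map_attributes(attributes) do
    for {wire_name, internal} <- @attribute_map,
        value = attributes |> Map.get(wire_name) |> List.wrap() |> List.first(),
        is_binary(value) and value != "",
        into: %{} do
      {internal, value}
    end
  end
end
```

Samly's README wires such a module in through the `pre_session_create_pipeline` setting of the identity provider entry; the application then reads the mapped values from `assertion.computed`.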