Reloadable attribute resolver - Added encoders not showing up
Mak, Steve
makst at upenn.edu
Wed Jul 15 13:35:15 UTC 2020
Hi all, I had a question to make sure I'm not doing something wrong.
If I add a new AttributeEncoder to an attribute, eduPersonEntitlement for example, for a relyingParty that needs a new name like "roles", when the IdP reloads the new resolver file after 15 minutes it doesn't seem to pick up the new attribute name even if I wait until my DataConnector's ResultCache expires (expireAfterWrite=PT30M).
I am testing using aacli and testing an actual login.
The new attribute name only seems to show up after I restart my Java container.
Is this expected or am I doing something wrong?
My XML looks like this:
<AttributeDefinition id="eduPersonEntitlement" xsi:type="Simple">
    <InputDataConnector ref="incommunity" attributeNames="eduPersonEntitlement"/>
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" encodeType="false"/>
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonEntitlement"/>
    <AttributeEncoder xsi:type="SAML2String" name="https://idp.pennkey.upenn.edu/attributes/Groups" friendlyName="Groups"
        relyingParties="SP1"/>
    <AttributeEncoder xsi:type="SAML2String" name="groups" friendlyName="groups" relyingParties="SP2"/>
</AttributeDefinition>
And when I tested aacli for SP2, the "groups" attribute was not present until after a container restart.
Thanks!
Steven Mak