Custom attribute
Peter Schober
peter.schober at univie.ac.at
Wed Jun 10 13:11:28 UTC 2020
* Lohr, Donald <lohrda at jmu.edu> [2020-06-10 14:44]:
> 1) How should this attribute be defined in the attribute-resolver.xml file
> since no standard name="urn:oid:
> value for the SAML2String element nor a
> name="urn:mace:dir:attribute-def: value for the SAML1String element?
You very likely will not need a SAML1 attribute name for that (but
immaterial, use the same name as for SAML2, if you do need one).
As for attribute naming: If there's no appropriate standard identifier
for something like that you'd make up your own.
Since JMU seems to have an OID assigned from IANA:

  10767
    James Madison University
      Scott Dellinger
        dellinsd&jmu.edu

you could use something under that as the formal attribute name, i.e.,

  1.3.6.1.4.1.10767.whatever.talk.to.Scott.Dellinger

Or you could invent a URL under the jmu.edu domain as a name.
> 2) Or what documentation exists that explains how I should approach this?
If you mean the software configuration then the docs are at
https://wiki.shibboleth.net/confluence/display/IDP30/AttributeResolverConfiguration
or
https://wiki.shibboleth.net/confluence/display/IDP4/AttributeResolverConfiguration
depending on your IDP version.
I.e., you define an AttributeDefinition and in that you also tell the
IDP where the data comes from, i.e., you reference the DataConnector
that returns this data. If none of the existing DataConnectors
(e.g. "myLDAP") do that you'll also need to define a DataConnector
that does.
-peter
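
An added example, not part of the original message or of the Shibboleth documentation: a sketch of the AttributeDefinition described above for attribute-resolver.xml, in the resolver syntax of IdP 3.4 and later. The `id`, the source attribute name `customLdapAttribute` and the `PLACEHOLDER` OID arc are assumptions; `myLDAP` is the connector id mentioned in the message.

```xml
<!-- Added example. Placeholders (assumptions, not from the message):
       jmuCustomAttribute   - internal attribute id chosen locally
       customLdapAttribute  - attribute returned by the DataConnector
       PLACEHOLDER          - arc assigned by whoever manages the
                              1.3.6.1.4.1.10767 OID space -->
<AttributeDefinition xsi:type="Simple" id="jmuCustomAttribute">

    <!-- Where the data comes from: an existing DataConnector that
         already returns the value. If no connector returns it, a new
         DataConnector has to be defined and referenced here instead. -->
    <InputDataConnector ref="myLDAP" attributeNames="customLdapAttribute"/>

    <!-- The self-assigned formal name on the wire. A URL under the
         institution's own domain could be used as the name instead
         of a urn:oid value. -->
    <AttributeEncoder xsi:type="SAML2String"
                      name="urn:oid:1.3.6.1.4.1.10767.PLACEHOLDER"
                      friendlyName="jmuCustomAttribute"
                      encodeType="false"/>

    <!-- A SAML1String encoder is only needed if SAML1 is in use;
         it would carry the same name as the SAML2 one. -->
</AttributeDefinition>
```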