Kerberos SPNEGO
BÖSCH Christian
boesch at fhv.at
Thu May 7 14:38:08 UTC 2020
Hi,
I want to enable Kerberos/SPNEGO and trying to adapt the attribute resolution as it is
documented in the wiki.
<AttributeDefinition id="principalName"
xsi:type="PrincipalName"
dependencyOnly="true">
</AttributeDefinition>
<AttributeDefinition id="krb_principalname"
xsi:type="Mapped"
dependencyOnly="true">
<InputAttributeDefinition ref="principalName" />
<DefaultValue passThru="true"/>
<ValueMap>
<ReturnValue>$1</ReturnValue>
<SourceValue>(.+)@AD.ABC.NET</SourceValue>
</ValueMap>
</AttributeDefinition>
And then use the searchfilter:
idp.attribute.resolver.LDAP.searchFilter = (|(eduPersonPrincipalName=$resolutionContext.principal)(uid=${krb_principalname.get(0)}))
But then I get the error on restart:
net.shibboleth.utilities.java.support.service.ServiceException: org.springframework.beans.factory.BeanDefinitionStoreException: Invalid bean definition with name 'myLDAPfhv' defined in null: Could not resolve placeholder 'krb_principalname.get(0)' in value "(|(eduPersonPrincipalName=$resolutionContext.principal)(uid=${krb_principalname.get(0)}))"; nested exception is java.lang.IllegalArgumentException: Could not resolve placeholder 'krb_principalname.get(0)' in value "(|(eduPersonPrincipalName=$resolutionContext.principal)(uid=${krb_principalname.get(0)}))"
Is there anything I've overlooked?
Thanks,
Christian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200507/340e8425/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4155 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20200507/340e8425/attachment.p7s>
More information about the users
mailing list