LDAP authentication and attribute release to sp failed
s chang
shirleyc2003 at yahoo.com
Tue Nov 17 03:23:33 UTC 2020
We tried to config LDAP authentication and tried to release attribute mail to sp, but don't see mail attribute from sp side. Did we miss some config?
Below are the current ldap settings in 3 files.
ldap.properties
idp.authn.LDAP.authenticator = adAuthenticator
idp.attribute.resolver.LDAP.searchFilter = (mail=$resolutionContext.principal)
idp.attribute.resolver.LDAP.returnAttributes = mail
Attribute-Resolver.xml
<AttributeDefinition xsi:type="Simple" id="mail" sourceAttributeID="mail">
    <InputDataConnector ref="myLDAP" attributeNames="mail"/>
    <AttributeEncoder xsi:type="SAML1String" encodeType="false" name="urn:mace:dir:attribute-def:mail"/>
    <AttributeEncoder xsi:type="SAML2String" encodeType="false" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail"/>
</AttributeDefinition>
Attribute-filter.xml
<AttributeFilterPolicy id="anyone">
    <PolicyRequirementRule xsi:type="ANY"/>
    <AttributeRule attributeID="mail">
        <PermitValueRule xsi:type="ANY"/>
    </AttributeRule>
</AttributeFilterPolicy>
thanks, SC