IDP 4 attribute release issue

Beytrison Olivier olivier.beytrison at hefr.ch
Fri Nov 20 15:32:28 UTC 2020


Hi Scott, thanks for the pointers.

> It's exactly what I just posted. An upgraded IdP has an internally
> controlled set of resources to load into the registry service that includes
> the resolver configuration file. That ensures any legacy AttributeEncoders
> are handled so the output is the same as it was.

Actually it's a fresh install but based on the documentation from Switch AAI
for the IDP 3.4 [1]. But they already did some work to make it compatible
with v4 (like the new attribute filter definition).

> If you don't upgrade properly, or if you do some sort of post-upgrade
> change to the configuration that stops loading that file into the registry
> service or removes the AttributeEncoder(s), it's not going to work unless
> you manually add a transcoding rule for "email", which is not the standard
> alias used for the attribute ("mail" is).

If we speak of the mail attribute, that's what I have in the
attribute-resolver (as provided by switchAAI [2]). (I don't have any other
AttributeDefinition for mail or email loaded by services.xml):

    <AttributeDefinition id="email" xsi:type="Simple">
        <InputDataConnector ref="myLDAP" attributeNames="mail" />
    [snip display name and description]
        <AttributeEncoder xsi:type="SAML1String"
            name="urn:mace:dir:attribute-def:mail" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2String"
            name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail"
            encodeType="false" />
    </AttributeDefinition>

As I understand it, the encoder is present and the attribute should be in the
assertion.
Being new to the IDP (I took it over 2 weeks ago), I don't see all the
interactions yet.

If needed I can make part or most of the configuration available for review.

Thanks for your support,
Regards,
Olivier B.

[1] https://www.switch.ch/aai/guides/idp/installation/
[2] https://www.switch.ch/aai/guides/idp/installation/attribute-resolver-switchaai-core.xml
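
The distinction discussed in this message, as an added example that is not part of the original post or of Shibboleth itself: a small audit that reports, for each AttributeDefinition in a resolver file, whether its SAML 2 name comes from an inline AttributeEncoder or would depend on a registry rule keyed by its id. The `registry_ids` set, the status labels and the sample document are assumptions made for illustration; only "mail" is named in the thread as a standard alias.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: the definition from the message (snipped lines omitted),
# then the same definition with its encoders removed.
WITH_ENCODERS = """<AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeDefinition id="email" xsi:type="Simple">
    <InputDataConnector ref="myLDAP" attributeNames="mail" />
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
  </AttributeDefinition>
</AttributeResolver>"""
WITHOUT_ENCODERS = "\n".join(
    line for line in WITH_ENCODERS.splitlines() if "AttributeEncoder" not in line)


def local(tag):
    """Strip the XML namespace from a tag name."""
    return tag.rsplit("}", 1)[-1]


def audit_resolver(xml_text, registry_ids=frozenset({"mail"})):
    """Map each AttributeDefinition id to how it would get a SAML 2 name.

    registry_ids is an assumption supplied by the caller: the ids that have a
    transcoding rule in the attribute registry ("mail" is the only one the
    thread names).
    """
    result = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "AttributeDefinition":
            continue
        saml2 = [c.get("name") for c in el
                 if local(c.tag) == "AttributeEncoder"
                 and c.get(XSI_TYPE, "").endswith("SAML2String")]
        attr_id = el.get("id")
        if saml2:
            result[attr_id] = ("inline-encoder", saml2[0])
        elif attr_id in registry_ids:
            result[attr_id] = ("registry-rule", None)
        else:
            result[attr_id] = ("no-saml2-mapping", None)
    return result


if __name__ == "__main__":
    print(audit_resolver(WITH_ENCODERS))
    print(audit_resolver(WITHOUT_ENCODERS))
```

A "no-saml2-mapping" result marks a definition that would need either its encoders restored or a manually added transcoding rule before it could appear in an assertion.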