Two released attributes with same value

Donald Lohr lohrda at
Thu Aug 5 15:28:25 UTC 2021

We have a (what seems like) not a very well designed SP and the vendor's 
original config only supported emailAddress, which we mapped to our mail 
attribute from our ldap server. Below is the attribute-resolver.xml and 
attribute-filter.xml config for this SP:

<resolver:AttributeDefinition xsi:type="ad:Simple" id="emailAddress" 
     <resolver:Dependency ref="ldap" />
     <resolver:AttributeEncoder xsi:type="enc:SAML2String" 
name="emailAddress" />

<AttributeFilterPolicy id="xxxxxxxx">
     <PolicyRequirementRule xsi:type="Requester" 
value="yyyyyyyyyyyyyyyyyyy" />
     <AttributeRule attributeID="emailAddress">
         <PermitValueRule xsi:type="ANY" />

The vendor has just rolled out a new feature that our school wants to 
use. That feature uses another attribute value on the user's SP profile 
that also holds the user's email address value.

I looked on the Shibboleth wiki, but not really sure what I'm looking 
for. Is there away to slightly alter the aforementioned 
attribute-resolver.xml definition to include their new attribute name 
(info1) and populate it with the user's mail attribute value? Or should 
I just duplicate that attribute-resolver.xml definition and make the 
necessary changes?

Or is there documentation for this that someone would point me to.

Thanks so very much.

D o n a l d   L o h r
I n f o r m a t i o n   S y s t e m s
J a m e s   M a d i s o n   U n i v e r s i t y
5 4 0 . 5 6 8 . 3 7 3 0

More information about the users mailing list