Releasing mail as scoped sAMAccoutName for a specific SP
Peter Schober
peter.schober at univie.ac.at
Mon Jun 14 16:06:27 UTC 2021
* Nilan Morjaria-Patel <N.Morjaria-Patel at soton.ac.uk> [2021-06-14 17:44]:
> I require help regarding the above. I have the following script in
> attribute-resolver.xml where the SP's only requirement is
> mail. However our users can change their mail prefix so we want to
> release the scoped sAMAccoutName instead.
You'd use a Scoped attribute definition that slaps on %{idp.scope} to
your sAMAccoutName attribute.
Then an Encoder to send it as mail attribute with a relyingParties
XML-attribute enumerating the SPs that require this hack.
No scripting necessary and likely will fix your issue of duplicate
values, too.
-peter
More information about the users
mailing list