Resolving attributes from a SAML proxy
Cantor, Scott
cantor.2 at osu.edu
Wed Oct 6 19:49:50 UTC 2021
On 10/6/21, 3:45 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> And it sounds like it'd be simpler to just do that for the one attribute Im trying to add. If I did still want to
> define it in the attribute resolver instead, that would work, too, correct?
Yes (for upgraded IdPs). New installs do not load the resolver file into the registry so it doesn't see or generate rules based on AttributeEncoders.
> Would I just make it of type "simple" and list my subject data connector as the input data connector for the
> attribute definition?
You can, but the purpose isn't to get it to "produce" the Attribute, it's to attach the AttributeEncoder so that the id and the claim name are connected. If you don't put the AttributeEncoder there, it won't work, and in turn it will generate a SAML Attribute by that name on the wire on the way out if it releases that also.
-- Scott
More information about the users
mailing list