Resolving attributes from a SAML proxy
cantor.2 at osu.edu
Wed Oct 6 20:00:55 UTC 2021
On 10/6/21, 3:55 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> I believe you're saying that simply having it defined in the attribute resolver will allow it to do a reverse
> lookup of the SAML2 attribute name in the encoder to an attribute name inside the IdP. So, do I just need the
> attribute definition and not the subject data connector if I'm only using it internally and not releasing it?
You need the data connector if you intend resolving attributes to produce the thing. If you just want it inside the Java Subject itself, then the definition alone is enough. I doubt that's what you really intend, so you need the connector to pull it out. You might as well just layer the attribute definition on it too.
There's a reason this is all insane, that's why the registry had to be created. Even trying to explain how to do it the other way is unintelligible.
More information about the users