Resolving attributes from a SAML proxy
Wessel, Keith
kwessel at illinois.edu
Wed Oct 6 20:36:52 UTC 2021
I'll give that a shot, Mike. If I put it in the registry, I don't need the data connector, right? Just the registry entry and the attribute filter?
Keith
From: users <users-bounces at shibboleth.net> On Behalf Of Michael Grady
Sent: Wednesday, October 6, 2021 3:28 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Resolving attributes from a SAML proxy
On Oct 6, 2021, at 3:10 PM, Wessel, Keith <kwessel at illinois.edu<mailto:kwessel at illinois.edu>> wrote:
Alright.
And the type of the attribute should be simple (since it's not going to be a scoped attribute)?
And the subjectDataConnector should be the input to the attribute definition?
Yes, the attribute registry is sounding better by the minute.
Keith
And using the registry for this does not mean that you need to convert over to it entirely right away. I just comment out the "import" lines (in default-rules.xml) I don't want to use yet (that would conflict with encoders already in the resolver), and add in new import lines to bring in the Azure claims rules, or the OIDC claims rule, etc. I.e. start using the registry where there are already great example/starting files to bring in for new functionality, and then later worry about using it more broadly.
--
Michael A. Grady
IAM Architect, Unicon, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20211006/aaeb9b34/attachment.htm>
More information about the users
mailing list