
shibboleth-dev - EPPN via AA echo context?

Subject: Shibboleth Developers

  • From: "RL 'Bob' Morgan" <>
  • To: Shib Design Team <>
  • Subject: EPPN via AA echo context?
  • Date: Thu, 26 Dec 2002 16:16:55 -0800 (PST)


The origin deploy doc says that the AA Echo context will supply both
ePAffil of member and EPPN, but EPPN isn't working for my UWash origin.

I fiddled with the ARP settings in the AA, that is, in the file
/usr/local/tomcat/webapps/shibboleth/WEB-INF/conf/arps/admin, so it now
says:

% ArpUtil list admin
ARP: admin(admin)
SHAR: no.other.match(default)
URL: * [*]
eduPersonAffiliation
eduPersonPrincipalName

which I think says to release EPPN.

Tomcat is getting the REMOTE_USER env var (confirmed via snoop.jsp).
But my test app only ever gets:

HTTP_SHIB_EP_AFFILIATION == ""

Now it is a (mis-)feature of my local signon system that REMOTE_USER is
expressed as an unscoped userid, i.e. "rlmorgan" rather than "" (or
actually "" which is the official Kerb principal). It isn't clear to me
whether the origin code is expecting REMOTE_USER to be unscoped or not.

When I test using the Example U origin I also only get member@, but I
assume that's the way that origin is set.

So, any enlightenment here? Are others successfully releasing EPPN?
Twould be nice to demo some apps that need userid.

Thanks,

- RL "Bob"

