Shibboleth Developers

[Tom Scavo <>]

On Tue, 15 Mar 2005 10:25:22 -0500, Scott Cantor 
<>
 wrote:
> > Yes, that makes sense, but I'm still wondering what the value of the
> > format attribute is:
> 
> It's whatever you fill in, most likely
> urn:mace:shibboleth:1.0:nameIdentifier

Okay, now I'm confused.  Here's how I thought it worked:

- An attribute query is sent to the AA with Format attribute in the
NameIdentifier element set to

urn:mace:shibboleth:1.0:nameIdentifier

- The AA consults origin.xml and finds a NameMapping element such as

<NameMapping
 xmlns="urn:mace:shibboleth:namemapper:1.0"
 id="..."
 format="urn:mace:shibboleth:1.0:nameIdentifier"
 type="SharedMemoryShibHandle"
 handleTTL="1800"/>

- Since the value of the Format attribute of the NameIdentifier
element matches the value of the format attribute of the NameMapping
element, the AA applies mapping type SharedMemoryShibHandle (which is
essentially an alias for mapping
edu.internet2.middleware.shibboleth.hs.provider.SharedMemoryShibHandle).

To use mapping type CryptoHandleGenerator (an alias for
edu.internet2.middleware.shibboleth.hs.provider.CryptoShibHandle),
presumably the Format attribute of the NameIdentifier element and
format attribute of the NameMapping element must be set to some other
value.  What is that value (or what am I missing)?

> You can't have multiple classes handling the same format right now, at least
> not in the AA.

I'm not sure I understand.  The AA supports (via NameMapper) three
mapping types (SharedMemoryShibHandle, CryptoHandleGenerator, and
Principal), each corresponding to a different implementation of
NameIdentifierMapping.  Can custom mappings be defined?

<!-- custom configuration -->
<NameMapping
  xmlns="urn:mace:shibboleth:namemapper:1.0"
  id="..."
  format="https://ncsa.uiuc.edu/shibboleth/X509SubjectName";
  class="edu.uiuc.ncsa.shibboleth.X509SubjectNameNameIdentifierMapping"/>

I just made up values for the format and class attributes, but you get
the idea. ;-)

Thanks,
Tom