Shibboleth Developers

[Tom Scavo <>]

On Tue, 15 Mar 2005 11:30:15 -0500, Scott Cantor 
<>
 wrote:
> 
> But we don't *want* people making up formats. Format is a SAML concept.

We don't want to create anything new either, but unfortunately, it
looks like we have to.  We have to be able to configure a Shibboleth
IdP so that it returns attributes about a subject that it knows
nothing about.  Moreover, the custom configuration must be applicable
to an existing deployment (although we are free to require a minimum
version of Shibboleth).

Our first pass at solving the problem is specified in the profile
posted last week.  In that profile, an attribute requester pulls
attributes from a suitably configured AA endpoint.  The NameIdentifier
in the request is a DN, which the AA knows nothing about.  To
compensate, we intend to write a custom implementation of
NameIdentifierMapping that reads a static mapfile on the IdP.

Suppose we had such a plugin called

edu.uiuc.ncsa.shibboleth.plugin.X509SubjectNameNameIdentifierMapping

which extended BaseNameIdentifierMapping.  (No, the class in CVS of
the same name will not work for us.)  Suppose further we had the
following NameMapping element in origin.xml:

<NameMapping
  xmlns="urn:mace:shibboleth:namemapper:1.0"
  id="..."
  format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
  
class="edu.uiuc.ncsa.shibboleth.plugin.X509SubjectNameNameIdentifierMapping"/>

Will this work in Shib 1.3?

Thanks,
Tom