shibboleth-dev - Matching auth to attr request
Subject: Shibboleth Developers
List archive
- From: Alistair Young <>
- To: Shibboleth Dev Team <>
- Subject: Matching auth to attr request
- Date: Thu, 17 Mar 2005 12:48:58 +0000
Is there any way in shibboleth to link an AuthenticationStatement to a providerId? providerId being a shibboleth specific attribute.
It seems the only link between authentication and attribute querying is NameIdentifier.
On initial GET, the target parameter specifies the resource the user wants to access, e.g. http://site.com/page.htm and providerId states who is asking.
When the AA is contacted, the providerId isn't present but the AttributeQuery Resource contains the providerId from the GET request.
According to SAML1.1 core AttributeQuery Resource is "the start of the current document" but shibboleth sets it to the providerId. Is this intentional or a config error?
Or do rules for constructing a providerId somehow tie in with the SAML definition of Resource?
SAML1.1 supports Attribute scoping by requested resource while shibb seems to replace that with scoping via provider.
I can see that a link between auth and attrs can be establised using AttributeQuery Resource but only for shibboleth SPs. It wouldn't work for non shibb ones.
Alistair
- Matching auth to attr request, Alistair Young, 03/17/2005
- RE: Matching auth to attr request, Scott Cantor, 03/17/2005
- Re: Matching auth to attr request, Alistair Young, 03/22/2005
- Re: Matching auth to attr request, Walter Hoehn, 03/22/2005
- RE: Matching auth to attr request, Scott Cantor, 03/22/2005
- RE: Matching auth to attr request, Scott Cantor, 03/22/2005
- Re: Matching auth to attr request, Walter Hoehn, 03/22/2005
- Re: Matching auth to attr request, Alistair Young, 03/22/2005
- RE: Matching auth to attr request, Scott Cantor, 03/17/2005
Archive powered by MHonArc 2.6.16.