
shibboleth-dev - Re: Setting user attributes

Subject: Shibboleth Developers

  • From: Tom Scavo <>
  • To: Walter Hoehn <>
  • Cc: Shahzad Younas <>,
  • Subject: Re: Setting user attributes
  • Date: Wed, 6 Apr 2005 17:26:48 -0400

Walter knows this, but I'll mention it in case Shahzad does not. The
SampleConnector referred to below defines three attributes:
eduPersonPrincipalName, eduPersonAffiliation, and
eduPersonEntitlement. Only eduPersonAffiliation is returned (as noted
by Shahzad) since that is the only attribute allowed by the site-wide
ARP.

If you want to return additional attributes for a particular
combination of user and SP, create a user ARP as outlined in the
deployment guide and drop it in the arps directory. Be sure to modify
resolver.xml accordingly (again, see the deployment guide).

The thing I'm not clear on (maybe Walter can help) is the connection
between SampleConnector and resolver.xml. In the latter, the
attributes are fully qualified but the connector refers only to the
short name. How does the resolver associate the two?

Thanks,
Tom

On Apr 6, 2005 2:12 PM, Walter Hoehn <> wrote:
> This IdP doesn't store any data about users and depends on a separate
> storage technology (usually ldap) to provide attribute data. Attribute
> data is supplied to the IdP through Data Connectors that plug into the
> attribute resolver (configured in resolver.xml). If this is just for
> testing, it should be fairly easy to edit the sample data connector to
> hardcode any data that you'd like to send over the wire. Take a look
> at
> "edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector".
>
> -Walter
>
>
> On Apr 6, 2005, at 10:35 AM, Shahzad Younas wrote:
>
> > Hi,
> >
> > I am playing with the default installation of Shibb target and origin.
> > I have made it so you have to enter username "test" into the HS for it
> > to log in. How/where (in the default installation) can I set the
> > attributes for this "test" user.
> >
> > I am just playing around with Shibboleth - I know attributes can come
> > from an LDAP server, but I was just wondering where I can quickly
> > define them JUST for this test user.
> > When I manually send an AQM to the AA, only one attribute is returned
> > (below). I want to set the attributes returned for a SINGLE resource
> > and user - just for testing purposes.
> >
> > Thanks!
> > Shahzad
> >
> >
> > <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
> >     xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
> >     xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
> >     InResponseTo="aaf23196-1773-2113-474a-fe114412ab72"
> >     IssueInstant="2005-04-06T14:11:40.734Z" MajorVersion="1"
> >     MinorVersion="1"
> >     ResponseID="a3cc37265ae2fc4761144a1ef87190d4">
> >   <Status>
> >     <StatusCode Value="samlp:Success">
> >     </StatusCode>
> >   </Status>
> >   <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion"
> >       AssertionID="f7bdd175dbe7a0e5f9b9b646f8f97b44"
> >       IssueInstant="2005-04-06T14:11:40.734Z"
> >       Issuer="https://example.org/shibboleth/origin" MajorVersion="1"
> >       MinorVersion="1">
> >     <Conditions NotBefore="2005-04-06T14:11:40.734Z"
> >         NotOnOrAfter="2005-04-06T14:41:40.734Z">
> >       <AudienceRestrictionCondition>
> >         <Audience>https://example.org/shibboleth/target</Audience>
> >       </AudienceRestrictionCondition>
> >     </Conditions>
> >     <AttributeStatement>
> >       <Subject>
> >         <NameIdentifier
> >             Format="urn:mace:shibboleth:1.0:nameIdentifier"
> >             NameQualifier="https://example.org/shibboleth/origin">21f60480-eef8-49cc-aded-11a211cb4fe8</NameIdentifier>
> >       </Subject>
> >       <Attribute xmlns:typens="urn:mace:shibboleth:1.0"
> >           AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation"
> >           AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
> >         <AttributeValue
> >             xsi:type="typens:AttributeValueType">member</AttributeValue>
> >       </Attribute>
> >     </AttributeStatement>
> >   </Assertion>
> > </Response>
> >
> >
>
>
>
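
Added example (not part of the thread and not Shibboleth code): a Python check that reads a SAML 1.1 attribute response like the one quoted above and reports which attributes were actually released after ARP filtering, counting only assertions whose audience and validity window match. The names `released_attributes`, `SAMPLE`, `audience` and `now` are assumptions of this example, the sample document is constructed from the quoted response, and signature verification is not performed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
NS = {"samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed sample, trimmed from the response quoted in the thread; the xsi
# declaration is added here so the document parses.
SAMPLE = """<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
 xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <Status><StatusCode Value="samlp:Success"/></Status>
 <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
  <Conditions NotBefore="2005-04-06T14:11:40.734Z"
    NotOnOrAfter="2005-04-06T14:41:40.734Z"><AudienceRestrictionCondition>
   <Audience>https://example.org/shibboleth/target</Audience>
  </AudienceRestrictionCondition></Conditions>
  <AttributeStatement>
   <Attribute xmlns:typens="urn:mace:shibboleth:1.0"
     AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation"
     AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
    <AttributeValue xsi:type="typens:AttributeValueType">member</AttributeValue>
   </Attribute>
  </AttributeStatement></Assertion>
</Response>"""

def _ts(value):
    # Assumes the millisecond UTC form used in the thread's response.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def released_attributes(xml_text, audience, now):
    """Return {AttributeName: [values]} from assertions valid for audience at now."""
    root = ET.fromstring(xml_text)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    # The QName prefix is not resolved here; only the local part is compared.
    if code is None or code.get("Value", "").split(":")[-1] != "Success":
        raise ValueError("response status is not Success")
    released = {}
    for assertion in root.findall("saml:Assertion", NS):
        cond = assertion.find("saml:Conditions", NS)
        if cond is None:  # no validity window or audience: skip conservatively
            continue
        audiences = [a.text for a in cond.iterfind(".//saml:Audience", NS)]
        if audience not in audiences or not (
                _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
            continue
        for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
            values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
            released.setdefault(attr.get("AttributeName"), []).extend(values)
    return released
```

Running it before and after adding a user ARP shows whether the extra attributes are now released to that SP.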


