Shibboleth Developers

[Walter Hoehn <>]

On a humorous side note, I found this out by accident several weeks  
ago.  My IdP issued an assertion containing both of the following  
snippets:

<Subject>
	<NameIdentifier  
Format="urn:mace:memphis.edu:IDM:SSO:attributes:uuid"          
NameQualifier="urn:mace:memphis.edu:IDM:SSO:IdP">wassa</NameIdentifier>
</Subject>

<Attribute  
AttributeName="urn:mace:memphis.edu:IDM:SSO:attributes:uuid"  
AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
        <AttributeValue>wassa</AttributeValue>
</Attribute>

After my eyes uncrossed, I realized why I had "wassa; wassa" shoved  
into my header.

-Walter


On Mar 3, 2006, at 6:36 AM, Ian Young wrote:

> > >  If the value of ePTID is identical to a
> > > persistent identifier (for a given SP and principal), why not expose
> > > both?  From the SP's point of view, attributes are (slightly) more
> > > flexible than name identifiers, I think.  For instance, how do you
> > > pass a name identifier in an HTTP header?
> > We do this now. You can map based on the Format string to any  
> > header you
> > want, or filter based on site, as with an attribute. The  
> > flexibility in the
> > SP that's missing is the handling of the serialization to a  
> > string. Once
> > that's added/unified, they should be roughly the same. It's a  
> > matter of
> > code, not any special magic attributes have.
>
> This sounded really interesting, so I tried to figure out how it  
> worked.  I couldn't find any documentation or glean anything from  
> the 1.3 SP configuration schema.  Can you give an example?
>
>         -- Ian