shibboleth-dev - Re: SAML name identifiers

Subject: Shibboleth Developers

Re: SAML name identifiers


  • From: Ian Young <>
  • To:
  • Subject: Re: SAML name identifiers
  • Date: Fri, 03 Mar 2006 14:58:19 +0000

Following the rule that it is better to give a man a fishing rod rather than a fish ;-), Walter Hoehn wrote:

<Subject>
  <NameIdentifier Format="urn:mace:memphis.edu:IDM:SSO:attributes:uuid" NameQualifier="urn:mace:memphis.edu:IDM:SSO:IdP">wassa</NameIdentifier>
</Subject>

<Attribute AttributeName="urn:mace:memphis.edu:IDM:SSO:attributes:uuid" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
  <AttributeValue>wassa</AttributeValue>
</Attribute>

After my eyes uncrossed, I realized why I had "wassa; wassa" shoved into my header.

So, I put this in my AAP.xml:

<!-- match Name here to name identifier Format -->
<AttributeRule Name="urn:mace:shibboleth:1.0:nameIdentifier"
               Header="Shib-nameIdentifier">
  <AnySite>
    <AnyValue/>
  </AnySite>
</AttributeRule>

... and the result was that I get two new headers delivered to my application:

HTTP_HTTP_SHIB_NAMEIDENTIFIER containing _ead8687e26f20a8b37e8012cefde8b8a

HTTP_SHIB_NAMEIDENTIFIER_FORMAT containing urn:mace:shibboleth:1.0:nameIdentifier

Very cool! Is this documented somewhere?

Mysteriously, if I say that the header is called "Shib-XXX" instead, I get a header called HTTP_SHIB_XXX but the one called HTTP_SHIB_NAMEIDENTIFIER_FORMAT is still called that. Not sure whether this is what I'd expect or not.

-- Ian
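
The header behaviour reported in this thread, as a simplified Python model added here (it is not part of the original message and not the Shibboleth SP's code). Assumptions: the Assertion wrapper is constructed around the quoted elements, the header name Shib-uuid is hypothetical, the ";" separator is assumed, and the header name Shib-NameIdentifier-Format is inferred from the CGI variable HTTP_SHIB_NAMEIDENTIFIER_FORMAT shown above.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:1.0:assertion"
UUID = "urn:mace:memphis.edu:IDM:SSO:attributes:uuid"
HANDLE = "urn:mace:shibboleth:1.0:nameIdentifier"
FORMAT_HEADER = "Shib-NameIdentifier-Format"  # assumed from HTTP_SHIB_NAMEIDENTIFIER_FORMAT

# Constructed wrapper around the two elements quoted in the thread.
TEMPLATE = """<Assertion xmlns="{ns}"><AttributeStatement>
<Subject>
<NameIdentifier Format="{fmt}" NameQualifier="urn:mace:memphis.edu:IDM:SSO:IdP">{nid}</NameIdentifier>
</Subject>
<Attribute AttributeName="{uuid}" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
<AttributeValue>wassa</AttributeValue>
</Attribute>
</AttributeStatement></Assertion>"""


def build_assertion(fmt, nid):
    return TEMPLATE.format(ns=NS, fmt=fmt, nid=nid, uuid=UUID)


def export_headers(assertion_xml, rules, sep=";"):
    """Simplified model, not the SP's code: `rules` maps an AttributeRule
    Name to its Header; the name identifier is looked up by its Format.
    The `sep` used to join multiple values is an assumption."""
    root = ET.fromstring(assertion_xml)
    tag = lambda local: "{%s}%s" % (NS, local)
    collected = {}
    for nid in root.iter(tag("NameIdentifier")):
        header = rules.get(nid.get("Format"))
        if header:  # exported only when a rule Name equals the Format
            collected.setdefault(header, []).append(nid.text.strip())
            collected[FORMAT_HEADER] = [nid.get("Format")]  # fixed header name
    for attr in root.iter(tag("Attribute")):
        header = rules.get(attr.get("AttributeName"))
        if header:
            values = [v.text.strip() for v in attr.iter(tag("AttributeValue"))]
            collected.setdefault(header, []).extend(values)
    return {h: sep.join(v) for h, v in collected.items()}


if __name__ == "__main__":
    # Format and AttributeName share one URI: both values land in one header.
    print(export_headers(build_assertion(UUID, "wassa"), {UUID: "Shib-uuid"}))
    # Distinct Format with its own rule: the handle gets a separate header.
    rules = {UUID: "Shib-uuid", HANDLE: "Shib-nameIdentifier"}
    print(export_headers(build_assertion(HANDLE, "_ead8687e26f20a8b37e8012cefde8b8a"), rules))
```

In this model the first call returns "wassa;wassa" for the shared header, and renaming the rule's Header leaves the format header name unchanged, matching the two observations in the message.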


