Shibboleth Developers

["Alistair Young" <>]

HTTP_SHIB

is this the "standard" for interop? Is there a reason why an attribute is
prefixed with HTTP_SHIB?

Presumably an application has to "bind" itself to a particular
implementation of the Shibboleth profile. Either that or a standard is
adopted in attribute naming in the headers.

Is HTTP_SHIB the de facto standard that all other implementations should
conform to?

-- 
Alistair Young
Senior Software Engineer
UHI@Sabhal
 Mòr Ostaig
Isle of Skye
Scotland

> Following the rule that it is better to give a man a fishing rod rather
> than a fish ;-), Walter Hoehn wrote:
>
>> <Subject>
>>     <NameIdentifier
>> Format="urn:mace:memphis.edu:IDM:SSO:attributes:uuid"
>> NameQualifier="urn:mace:memphis.edu:IDM:SSO:IdP">wassa</NameIdentifier>
>> </Subject>
>>
>> <Attribute AttributeName="urn:mace:memphis.edu:IDM:SSO:attributes:uuid"
>> AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
>>     <AttributeValue>wassa</AttributeValue>
>> </Attribute>
>>
>> After my eyes uncrossed, I realized why I had "wassa; wassa" shoved into
>> my header.
>
> So, I put this in my AAP.xml:
>
> <!-- match Name here to name identifier Format -->
> <AttributeRule Name="urn:mace:shibboleth:1.0:nameIdentifier"
>       Header="Shib-nameIdentifier">
>     <AnySite>
>        <AnyValue/>
>     </AnySite>
> </AttributeRule>
>
> ... and the result was that I get two new headers delivered to my
> application:
>
> HTTP_HTTP_SHIB_NAMEIDENTIFIER containing _ead8687e26f20a8b37e8012cefde8b8a
>
> HTTP_SHIB_NAMEIDENTIFIER_FORMAT containing
> urn:mace:shibboleth:1.0:nameIdentifier
>
> Very cool!  Is this documented somewhere?
>
> Mysteriously, if I say that the header is called "Shib-XXX" instead, I
> get a header called HTTP_SHIB_XXX but the one called
> HTTP_SHIB_NAMEIDENTIFIER_FORMAT is still called that.  Not sure whether
> this is what I'd expect or not.
>
>       -- Ian
>