shibboleth-dev - attribute aggregation
Subject: Shibboleth Developers
List archive
- From: "Tom Scavo" <>
- To: "Shibboleth Development" <>
- Subject: attribute aggregation
- Date: Tue, 28 Mar 2006 16:31:13 -0500
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=dzl8tyQKj6m2asU/dT7J77DZe8zJmdCpXNzT13+waoMmFT7pAVYo0i6N/pEsqsqJ9lsN8T7dWJWKrny3rk9q734HzYphN+7H/KQGfUtUxXIvgaJS3tethJJtkU7MTKx+RYvzDLlIiCDfwK+rCtqYuGEvuWvsMuFhwdCthI+L40c=
Suppose IdPA pushes both an authentication assertion and an attribute
assertion to the SP. Assume the NemeIdentifier is a globally unique
(persistent) principal identifier (such as ePPN or ePTID). Suppose
further that the NameQualifier attribute is set to the providerId of
IdPB. Is there any way to force an attribute query to IdPB despite the
fact that the SP has already consumed the attribute assertion from
IdPA?
If not, can we trigger the query by augmenting one of the assertions
in some way, perhaps by putting a special URI in the
AuthenticationMethod attribute of the authentication assertion (which
is needed anyway for the use case I have in mind) or by specifying a
new SAML attribute (whose value is a providerId) especially designed
for this purpose?
Thanks,
Tom
- attribute aggregation, Tom Scavo, 03/28/2006
- RE: attribute aggregation, Scott Cantor, 03/28/2006
- Re: attribute aggregation, Tom Scavo, 03/28/2006
- RE: attribute aggregation, Scott Cantor, 03/28/2006
- Re: attribute aggregation, Tom Scavo, 03/28/2006
- RE: attribute aggregation, Scott Cantor, 03/28/2006
- Re: attribute aggregation, Tom Scavo, 03/28/2006
- RE: attribute aggregation, Scott Cantor, 03/28/2006
- Re: attribute aggregation, Tom Scavo, 03/28/2006
- RE: attribute aggregation, Scott Cantor, 03/28/2006
Archive powered by MHonArc 2.6.16.