shibboleth-dev - RE: Shib 2 - SP Question
Subject: Shibboleth Developers
List archive
- From: <>
- To: <>
- Subject: RE: Shib 2 - SP Question
- Date: Tue, 31 Jul 2007 18:18:02 -0400
The artifact problem was as you hypothesized a metadata problem (the
same one you found 2-3 months ago with the Ping generated metadata). It
was a simple fix, once I was pointed in the right direction.
-----Original Message-----
From: Scott Cantor
[mailto:]
Sent: Tuesday, July 31, 2007 6:13 PM
To:
Subject: RE: Shib 2 - SP Question
> In the AttributeMap file, one field must be populated (and correctly)
> or the attribute is thrown away, it is the "nameFormat" field. If it
> is missing or populated incorrectly (I had it missing and used
"unspecified"
> before I finally populated it correctly), the attribute is filtered
> out of the assertion and as far as I can tell nothing shows up in the
> logfile to mention the assertion is being ignored.
Logging is probably horrid, but the reason it's filtered is that we on
this project feel that non-URI names are evil. To express this
revulsion, I make life hard for people that use non-URI naming by
defaulting the nameFormat to either the SAML 2.0 URI string or the Shib
custom Namespace we defined. If you leave it out, that's what it's
trying to match when it looks at the attributes.
(It's logical for you to assume that omitting it == unspecified.)
> The second thing might be more of a discussion topic (and I have a
> feeling the natural response is going to be, that the IDP I am using
> is not following the standards, and while that may be true, it seems
> like this might be something the SP should handle). When an attribute
> is sufficiently "complex", this IDP escapes the attribute with a CDATA
> wrapper (<![CDATA[<data here>]]>). The question I guess is how should
> the Shibboleth SP handle attribute values presented in this way?
Yeesh, I've never seen CDATA used in SAML before. I imagine it's not a
Text node in the DOM, that's why the default decoders skip it.
I could easily say "that's what custom decoders are for", but I'll see
what I can do about it.
Thx,
-- Scott
PS. I take it you got artifact to work after we chatted?
- Shib 2 - SP Question, Jeff.Krug, 07/27/2007
- RE: Shib 2 - SP Question, Scott Cantor, 07/27/2007
- RE: Shib 2 - SP Question, Jeff.Krug, 07/30/2007
- RE: Shib 2 - SP Question, Scott Cantor, 07/30/2007
- Re: Shib 2 - SP Question, Nate Klingenstein, 07/30/2007
- RE: Shib 2 - SP Question, Jeff.Krug, 07/31/2007
- RE: Shib 2 - SP Question, Scott Cantor, 07/31/2007
- RE: Shib 2 - SP Question, Jeff.Krug, 07/31/2007
- RE: Shib 2 - SP Question, Scott Cantor, 07/31/2007
- RE: Shib 2 - SP Question, Scott Cantor, 07/31/2007
- RE: Shib 2 - SP Question, Jeff.Krug, 07/31/2007
- RE: Shib 2 - SP Question, Jeff.Krug, 07/30/2007
- RE: Shib 2 - SP Question, Scott Cantor, 07/27/2007
- RE: Shib 2 - SP Question, Scott Cantor, 07/27/2007
Archive powered by MHonArc 2.6.16.