shibboleth-dev - Attribute Encoders on the IDP?
Subject: Shibboleth Developers
List archive
- From: <>
- To: <>
- Subject: Attribute Encoders on the IDP?
- Date: Tue, 25 Sep 2007 12:01:16 -0400
Title: Attribute Encoders on the IDP?
Should I be digging into the attribute encoders on the IDP? In Shib 1.3, we had a custom connector that built a custom assertion as well as encoded it before it returned it to shibboleth as a string. In 2.0, I thought we might return it from the connector as a more complex object and then either write a custom encoder or use an appropriate encoder.
I was perusing the source code as well as doing some experiments to see what would happen if I used the SAML2Base64AttributeEncoder that I found tucked down in the ShibCommon source code. In my attribute-resolver.xml I specified to use that encoder, but something is going wrong (I don't see any errors logged on the IdP). Testing with aacli the assertion value doesn't appear:
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Attribute Name="principalName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">testUser</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="ATTRIBUTE_ID_1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
</saml:AttributeStatement>
If I specify an attribute encoder of string, I get the following:
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Attribute Name="principalName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">testUser</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="ATTRIBUTE_ID_1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value1</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
Thanks,
Jeff
- Attribute Encoders on the IDP?, Jeff.Krug, 09/25/2007
- RE: Attribute Encoders on the IDP?, Jeff.Krug, 09/26/2007
- Re: Attribute Encoders on the IDP?, Chad La Joie, 09/27/2007
- RE: Attribute Encoders on the IDP?, Jeff.Krug, 09/28/2007
- Re: Attribute Encoders on the IDP?, Nate Klingenstein, 09/29/2007
- RE: Attribute Encoders on the IDP?, Jeff.Krug, 09/28/2007
Archive powered by MHonArc 2.6.16.