
shibboleth-dev - RE: Attribute Encoders on the IDP?

Subject: Shibboleth Developers

  • From: <>
  • To: <>
  • Subject: RE: Attribute Encoders on the IDP?
  • Date: Wed, 26 Sep 2007 18:32:01 -0400

I never saw a response to this.  My Java skills are insanely rusty, so my progress digging into this code has been slow.  I'm still curious about whether I should have expected this to work.  Is this something the IDP guys haven't had a chance to test/use at all?  If so, I'll proceed on my own, but I'd hate to think I am going about this all wrong.
 
Thanks,
Jeff


From: [mailto:]
Sent: Tuesday, September 25, 2007 12:01 PM
To:
Subject: Attribute Encoders on the IDP?


Should I be digging into the attribute encoders on the IDP?  In Shib 1.3, we had a custom connector that built a custom assertion as well as encoded it before it returned it to shibboleth as a string.  In 2.0, I thought we might return it from the connector as a more complex object and then either write a custom encoder or use an appropriate encoder.

I was perusing the source code as well as doing some experiments to see what would happen if I used the SAML2Base64AttributeEncoder that I found tucked down in the ShibCommon source code.  In my attribute-resolver.xml I specified to use that encoder, but something is going wrong (I don't see any errors logged on the IdP).  Testing with aacli the assertion value doesn't appear:

<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
   <saml:Attribute Name="principalName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">testUser</saml:AttributeValue>
   </saml:Attribute>
   <saml:Attribute Name="ATTRIBUTE_ID_1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
</saml:AttributeStatement>

If I specify an attribute encoder of string, I get the following:

<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
   <saml:Attribute Name="principalName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">testUser</saml:AttributeValue>
   </saml:Attribute>
   <saml:Attribute Name="ATTRIBUTE_ID_1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value1</saml:AttributeValue>
   </saml:Attribute>
</saml:AttributeStatement>


Thanks,
Jeff
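
Added example, not part of the original message and not Shibboleth code: a Python check that parses AttributeStatement XML such as the aacli output above and reports attributes released without any usable AttributeValue, the condition the message shows occurring with no error in the IdP log. The function name `audit_attributes` and its `expected` parameter are hypothetical, and the sample is constructed from the first output quoted above.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed sample: the first aacli output from the message above.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
   <saml:Attribute Name="principalName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">testUser</saml:AttributeValue>
   </saml:Attribute>
   <saml:Attribute Name="ATTRIBUTE_ID_1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
</saml:AttributeStatement>"""


def audit_attributes(xml_text, expected=()):
    """Map attribute Name -> problem for attributes without usable values.

    `expected` (hypothetical parameter) lists attribute names the resolver
    configuration is supposed to release, so a dropped attribute is reported too.
    """
    # SAML messages have no use for a DTD; refuse one rather than let the
    # parser expand entities from it.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not allowed in SAML input")

    root = ET.fromstring(xml_text)
    findings, seen = {}, set()
    for attr in root.iter(SAML + "Attribute"):
        name = attr.get("Name", "<unnamed>")
        seen.add(name)
        values = attr.findall(SAML + "AttributeValue")
        if not values:
            # The case in the message: the element is emitted, the value is not.
            findings[name] = "no AttributeValue elements"
        elif all(not (v.text or "").strip() and len(v) == 0 for v in values):
            findings[name] = "only empty AttributeValue elements"
    for name in expected:
        if name not in seen:
            findings[name] = "attribute absent from statement"
    return findings


if __name__ == "__main__":
    wanted = ["principalName", "ATTRIBUTE_ID_1"]
    for name, problem in audit_attributes(SAMPLE, expected=wanted).items():
        print(f"{name}: {problem}")
```

Run against saved aacli output after each attribute-resolver.xml change, this makes a silently empty attribute fail a test instead of going unnoticed.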



