Skip to Content.
Sympa Menu

shibboleth-dev - Re: Attribute Encoders on the IDP?

Subject: Shibboleth Developers

List archive

Re: Attribute Encoders on the IDP?


Chronological Thread 
  • From: Chad La Joie <>
  • To:
  • Subject: Re: Attribute Encoders on the IDP?
  • Date: Thu, 27 Sep 2007 07:35:58 -0400
  • Openpgp: id=A260F52E; url=http://pgpkeys.pca.dfn.de/pks/lookup?op=get&search=0x3F5E9E87A260F52E
  • Organization: Georgetown University

Sorry I didn't reply before. This got lost in my email.

Jeff, from the javadoc of the SAML 1/2 base64 encoder:

This attribute encoder only operates of
{@link
BaseAttribute}s with
values of type <code>byte[]</code>.

Is your custom connector changing your assertion into a byte[]?

This limitation is there because Java doesn't provide a reasonable way
to change a generic Object into a byte[] so I can't do any automatic
type conversion as is possible with some of the other encoders.


wrote:
> Should I be digging into the attribute encoders on the IDP? In Shib 1.3,
> we had a custom connector that built a custom assertion as well as encoded
> it before it returned it to shibboleth as a string. In 2.0, I thought we
> might return it from the connector as a more complex object and then either
> write a custom encoder or use an appropriate encoder.
>
> I was perusing the source code as well as doing some experiments to see
> what would happen if I used the SAML2Base64AttributeEncoder that I found
> tucked down in the ShibCommon source code. In my attribute-resolver.xml I
> specified to use that encoder, but something is going wrong (I don't see
> any errors logged on the IdP). Testing with aacli the assertion value
> doesn't appear:
>
> <saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
> <saml:Attribute Name="principalName"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
> <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:type="xs:string">testUser</saml:AttributeValue>
> </saml:Attribute>
> <saml:Attribute Name="ATTRIBUTE_ID_1"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
> </saml:AttributeStatement>
>
> If I specify an attribute encoder of string, I get the following:
>
> <saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
> <saml:Attribute Name="principalName"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
> <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:type="xs:string">testUser</saml:AttributeValue>
> </saml:Attribute>
> <saml:Attribute Name="ATTRIBUTE_ID_1"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:type="xs:string">value1</saml:AttributeValue>
> </saml:Attribute>
> </saml:AttributeStatement>
>
>
> Thanks,
> Jeff
>

--
Chad La Joie 2052-C Harris Bldg
OIS-Middleware 202.687.0124



Archive powered by MHonArc 2.6.16.

Top of Page