shibboleth-dev - Re: Attribute Encoders on the IDP?
Subject: Shibboleth Developers
List archive
- From: Chad La Joie <>
- To:
- Subject: Re: Attribute Encoders on the IDP?
- Date: Thu, 27 Sep 2007 07:35:58 -0400
- Openpgp: id=A260F52E; url=http://pgpkeys.pca.dfn.de/pks/lookup?op=get&search=0x3F5E9E87A260F52E
- Organization: Georgetown University
Sorry I didn't reply before. This got lost in my email.
Jeff, from the javadoc of the SAML 1/2 base64 encoder:
This attribute encoder only operates of
{@link
BaseAttribute}s with
values of type <code>byte[]</code>.
Is your custom connector changing your assertion into a byte[]?
This limitation is there because Java doesn't provide a reasonable way
to change a generic Object into a byte[] so I can't do any automatic
type conversion as is possible with some of the other encoders.
wrote:
> Should I be digging into the attribute encoders on the IDP? In Shib 1.3,
> we had a custom connector that built a custom assertion as well as encoded
> it before it returned it to shibboleth as a string. In 2.0, I thought we
> might return it from the connector as a more complex object and then either
> write a custom encoder or use an appropriate encoder.
>
> I was perusing the source code as well as doing some experiments to see
> what would happen if I used the SAML2Base64AttributeEncoder that I found
> tucked down in the ShibCommon source code. In my attribute-resolver.xml I
> specified to use that encoder, but something is going wrong (I don't see
> any errors logged on the IdP). Testing with aacli the assertion value
> doesn't appear:
>
> <saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
> <saml:Attribute Name="principalName"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
> <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:type="xs:string">testUser</saml:AttributeValue>
> </saml:Attribute>
> <saml:Attribute Name="ATTRIBUTE_ID_1"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
> </saml:AttributeStatement>
>
> If I specify an attribute encoder of string, I get the following:
>
> <saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
> <saml:Attribute Name="principalName"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
> <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:type="xs:string">testUser</saml:AttributeValue>
> </saml:Attribute>
> <saml:Attribute Name="ATTRIBUTE_ID_1"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:type="xs:string">value1</saml:AttributeValue>
> </saml:Attribute>
> </saml:AttributeStatement>
>
>
> Thanks,
> Jeff
>
--
Chad La Joie 2052-C Harris Bldg
OIS-Middleware 202.687.0124
- Attribute Encoders on the IDP?, Jeff.Krug, 09/25/2007
- RE: Attribute Encoders on the IDP?, Jeff.Krug, 09/26/2007
- Re: Attribute Encoders on the IDP?, Chad La Joie, 09/27/2007
- RE: Attribute Encoders on the IDP?, Jeff.Krug, 09/28/2007
- Re: Attribute Encoders on the IDP?, Nate Klingenstein, 09/29/2007
- RE: Attribute Encoders on the IDP?, Jeff.Krug, 09/28/2007
Archive powered by MHonArc 2.6.16.