Shibboleth Developers

[<>]

Chad, 

I was not working with my custom connector yet, just experimenting with
the attribute encoder.  Thanks for the info.

I have now ported my custom data connector from Shib 1.3 to Shib 2.0,
and I believe it is okay, but there is some binding somewhere I can't
find.  In the old resolver, you could specify the classname from the
resolver.xml; in the current releases, the classes are never specified,
just the name.  I believe there is some configuration file or class that
I am overlooking that I need to update so that Shibboleth can use my
connector.  Any pointers would be great.

My instinct is that the file I need to update is internal.xml, since it
includes many maps of ID to class, but I see nothing in the file related
to data connectors, so if I do need to update it, I'm unsure how.

Thanks,
Jeff

-----Original Message-----
From: Chad La Joie 
[mailto:]
 
Sent: Thursday, September 27, 2007 7:36 AM
To: 

Subject: Re: Attribute Encoders on the IDP?

Sorry I didn't reply before.  This got lost in my email.

Jeff, from the javadoc of the SAML 1/2 base64 encoder:

This attribute encoder only operates of 
{@link
 BaseAttribute}s with
values of type <code>byte[]</code>.

Is your custom connector changing your assertion into a byte[]?

This limitation is there because Java doesn't provide a reasonable way
to change a generic Object into a byte[] so I can't do any automatic
type conversion as is possible with some of the other encoders.


 wrote:
> Should I be digging into the attribute encoders on the IDP?  In Shib
1.3, we had a custom connector that built a custom assertion as well as
encoded it before it returned it to shibboleth as a string.  In 2.0, I
thought we might return it from the connector as a more complex object
and then either write a custom encoder or use an appropriate encoder. 
> 
> I was perusing the source code as well as doing some experiments to
see what would happen if I used the SAML2Base64AttributeEncoder that I
found tucked down in the ShibCommon source code.  In my
attribute-resolver.xml I specified to use that encoder, but something is
going wrong (I don't see any errors logged on the IdP).  Testing with
aacli the assertion value doesn't appear:
> 
> <saml:AttributeStatement
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
>    <saml:Attribute Name="principalName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
>       <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:type="xs:string">testUser</saml:AttributeValue>
>    </saml:Attribute>
>    <saml:Attribute Name="ATTRIBUTE_ID_1" 
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
> </saml:AttributeStatement>
> 
> If I specify an attribute encoder of string, I get the following:
> 
> <saml:AttributeStatement
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
>    <saml:Attribute Name="principalName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
>       <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:type="xs:string">testUser</saml:AttributeValue>
>    </saml:Attribute>
>    <saml:Attribute Name="ATTRIBUTE_ID_1"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
>       <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:type="xs:string">value1</saml:AttributeValue>
>    </saml:Attribute>
> </saml:AttributeStatement>
> 
> 
> Thanks,
> Jeff
> 

-- 
Chad La Joie             2052-C Harris Bldg
OIS-Middleware           202.687.0124