Shibboleth Developers

At 5:44 PM -0400 10/29/07, Scott Cantor wrote:
> You have to combine various pieces of documentation, the JAAS Realm from
> Tomcat, setting the JAAS configuration itself, and the login module
> properties.

thanks very much! this helped a lot!

as did Daniel's original documentation:

http://www.middleware.vt.edu/doku.php?id=middleware:opensource:ldap

I'm making it thru several of the steps (eg tomcat pops up the form 
page asking for uid/pass, JASS/VT successfully authenticates me 
against ldap).

However, I've misconfigured something, and the role/authZ stuff isn't working.

I see this in the ldap logs:

> conn=231089 op=0 msgId=1 - BIND dn="cn=stc_auth,ou=special 
> users,dc=brown,dc=edu" method=128 version=3
> conn=231089 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 
> dn="cn=stc_auth,ou=special users,dc=brown,dc=edu"
>  conn=231089 op=1 msgId=2 - SRCH base="ou=people,dc=brown,dc=edu" 
> scope=1 filter="(&(uid=stc))" attrs="1.1"
>  conn=231089 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0

I have *no* idea what attrs="1.1" means on the SRCH.....

here's my JAAS config:

shibboleth {
   edu.vt.middleware.ldap.jaas.LdapLoginModule required
     host="ldapauth.cis-qas.brown.edu" port="636"
     base="ou=People,dc=brown,dc=edu"
     ssl="true"
     serviceUser="cn=stc_auth,ou=special users,dc=brown,dc=edu"
     serviceCredential="..."
     userField="uid"
     userRoleAttribute="eduPersonAffiliation";
};

I wanted to retrieve eduPersonAffiliation from ldap, and have that 
mapped to a tomcat role value...

suggestions?