shibboleth-dev - Re: SAML attribute query exception
Subject: Shibboleth Developers
List archive
- From: Nate Klingenstein <>
- To:
- Subject: Re: SAML attribute query exception
- Date: Mon, 3 Dec 2007 04:05:18 +0000
Eric,

Assuming you are indeed being asked to authenticate and that's not misconfigured, this time you need an appropriate principal connector defined, and appropriate release for it configured. In particular, in attribute-resolver.xml, you need something like:

    <resolver:PrincipalConnector xsi:type="Direct"
        xmlns="urn:mace:shibboleth:2.0:resolver:pc"
        id="saml1UnspecDirect"
        nameIDFormat="urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified" />

    <resolver:PrincipalConnector xsi:type="Direct"
        xmlns="urn:mace:shibboleth:2.0:resolver:pc"
        id="saml2UnspecDirect"
        nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" />

and

    <resolver:AttributeDefinition id="principalName" xsi:type="PrincipalName"
        xmlns="urn:mace:shibboleth:2.0:resolver:ad">
        <resolver:AttributeEncoder xsi:type="SAML1StringNameIdentifier"
            xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            nameFormat="urn:mace:shibboleth:1.0:nameIdentifier" />
        <resolver:AttributeEncoder xsi:type="SAML2StringNameID"
            xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" />
        <resolver:AttributeEncoder xsi:type="SAML1StringNameIdentifier"
            xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
            nameFormat="urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified" />
    </resolver:AttributeDefinition>

You will also need a release policy in attribute-filter.xml such as:

    <AttributeFilterPolicy id="releasePrincipalToAnyone">
        <PolicyRequirementRule xsi:type="basic:ANY" />
        <AttributeRule attributeID="principalName">
            <PermitValueRule xsi:type="basic:ANY" />
        </AttributeRule>
    </AttributeFilterPolicy>

There is no privacy preserved in those settings, but give them a try to see if the provider will function.

Nate.

On 3 Dec 2007, at 03:47, Yifan (Eric) Jiang wrote:
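
An added example (not part of the original message and not Shibboleth's own code): a small Python check that reads an attribute-filter.xml and lists policies which, like releasePrincipalToAnyone above, apply to any requester and permit any value. The enclosing AttributeFilterPolicyGroup element with its namespace declarations, the second policy and the SP entityID are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: the policy from the message, wrapped in an assumed
# AttributeFilterPolicyGroup, plus a hypothetical policy scoped to one SP.
SAMPLE_FILTER = """\
<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeFilterPolicy id="releasePrincipalToAnyone">
    <PolicyRequirementRule xsi:type="basic:ANY" />
    <AttributeRule attributeID="principalName">
      <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
  </AttributeFilterPolicy>
  <AttributeFilterPolicy id="releaseMailToOneSP">
    <PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
        value="https://sp.example.org/shibboleth" />
    <AttributeRule attributeID="mail">
      <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
  </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>"""

def local(tag):
    """Strip the '{namespace}' part that ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def is_any(elem, name):
    """True if elem is a <name> rule whose xsi:type has local part ANY."""
    return local(elem.tag) == name and elem.get(XSI_TYPE, "").split(":")[-1] == "ANY"

def find_open_releases(filter_xml):
    """List (policy id, [attribute IDs]) released to any requester, any value."""
    findings = []
    for policy in ET.fromstring(filter_xml).iter():
        if local(policy.tag) != "AttributeFilterPolicy":
            continue
        if not any(is_any(c, "PolicyRequirementRule") for c in policy):
            continue
        attrs = [rule.get("attributeID") for rule in policy
                 if local(rule.tag) == "AttributeRule"
                 and any(is_any(v, "PermitValueRule") for v in rule)]
        if attrs:
            findings.append((policy.get("id"), attrs))
    return findings

if __name__ == "__main__":
    for policy_id, attrs in find_open_releases(SAMPLE_FILTER):
        print(f"{policy_id}: releases {', '.join(attrs)} to any requester")
```

The policy scoped to a single requester is not reported even though it permits any value, because only the combination of an ANY requirement rule and an ANY value rule releases the attribute to every relying party.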