
shibboleth-dev - RE: SAML attribute query exception

Subject: Shibboleth Developers


RE: SAML attribute query exception


  • From: "Yifan (Eric) Jiang" <>
  • To: <>
  • Subject: RE: SAML attribute query exception
  • Date: Mon, 3 Dec 2007 17:18:14 +1300

Hi Nate,

The attribute-resolver.xml that I used was downloaded from https://spaces.internet2.edu/download/attachments/5557/attribute-resolver.xml?version=2, and I only updated the scope value. So the configuration of the PrincipalConnector and the principalName AttributeDefinition remains at the default values, i.e. they have the same values as in your suggestion.

In addition, I’ve added tomcatAuthentication="false" in tomcatAuthentication="false"

Thanks

Eric


From: Nate Klingenstein [mailto:]
Sent: Monday, 3 December 2007 5:05 p.m.
To:
Subject: Re: SAML attribute query exception

Eric,

Assuming you are indeed being asked to authenticate and that's not misconfigured, this time you need an appropriate principal connector defined, and appropriate release for it configured.  In particular, in attribute-resolver.xml, you need something like:

    <resolver:PrincipalConnector xsi:type="Direct" xmlns="urn:mace:shibboleth:2.0:resolver:pc"
                                 id="saml1UnspecDirect"
                                 nameIDFormat="urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified" />

    <resolver:PrincipalConnector xsi:type="Direct" xmlns="urn:mace:shibboleth:2.0:resolver:pc"
                                 id="saml2UnspecDirect"
                                 nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" />

and

    <resolver:AttributeDefinition id="principalName" xsi:type="PrincipalName" xmlns="urn:mace:shibboleth:2.0:resolver:ad">
        <resolver:AttributeEncoder xsi:type="SAML1StringNameIdentifier" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   nameFormat="urn:mace:shibboleth:1.0:nameIdentifier" />

        <resolver:AttributeEncoder xsi:type="SAML2StringNameID" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" />

        <resolver:AttributeEncoder xsi:type="SAML1StringNameIdentifier" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                   nameFormat="urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified" />
    </resolver:AttributeDefinition>

You will also need a release policy in attribute-filter.xml such as:

    <AttributeFilterPolicy id="releasePrincipalToAnyone">
        <PolicyRequirementRule xsi:type="basic:ANY" />

        <AttributeRule attributeID="principalName">
            <PermitValueRule xsi:type="basic:ANY" />
        </AttributeRule>
    </AttributeFilterPolicy>

There is no privacy preserved in those settings, but give them a try to see if the provider will function.

Nate.
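
An added check, not from this thread or from the Shibboleth project, that parses the two files Nate describes and reports the two gaps that make an attribute query fail: a NameID format the IdP emits for principalName with no PrincipalConnector to map it back to a principal, and a filter policy that never releases principalName. The sample files are constructed from the snippets above; element and attribute names are the ones shown there.

```python
import xml.etree.ElementTree as ET
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
NAMEID_ENCODERS = {"SAML1StringNameIdentifier", "SAML2StringNameID"}

def _local(name):
    """Strip namespace or prefix so the check does not depend on xmlns declarations."""
    return name.rsplit("}", 1)[-1].split(":")[-1]

def _elems(root, name):
    return [e for e in root.iter() if _local(e.tag) == name]

def check_principal_config(resolver_xml, filter_xml, attr_id="principalName"):
    """Return findings; empty means every NameID format the IdP emits for attr_id has a
    PrincipalConnector to map it back to a principal, and a filter policy releases attr_id."""
    findings = []
    resolver = ET.fromstring(resolver_xml)
    pc_formats = {pc.get("nameIDFormat") for pc in _elems(resolver, "PrincipalConnector")}
    defs = [d for d in _elems(resolver, "AttributeDefinition") if d.get("id") == attr_id]
    if not defs:
        findings.append("no AttributeDefinition with id=" + attr_id)
    for enc in (_elems(defs[0], "AttributeEncoder") if defs else []):
        fmt = enc.get("nameFormat")
        if _local(enc.get(XSI_TYPE, "")) in NAMEID_ENCODERS and fmt not in pc_formats:
            findings.append("no PrincipalConnector for NameID format " + str(fmt))
    rules = _elems(ET.fromstring(filter_xml), "AttributeRule")
    if not any(r.get("attributeID") == attr_id and _elems(r, "PermitValueRule") for r in rules):
        findings.append("attribute-filter.xml never permits " + attr_id)
    return findings

# Constructed inputs modelled on the snippets in the thread, not real deployment files.
RESOLVER_TMPL = """<resolver:AttributeResolver xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <resolver:AttributeDefinition id="principalName" xsi:type="PrincipalName" xmlns="urn:mace:shibboleth:2.0:resolver:ad">
  <resolver:AttributeEncoder xsi:type="SAML2StringNameID" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
   nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"/>
 </resolver:AttributeDefinition>%s
</resolver:AttributeResolver>"""
CONNECTOR = """
 <resolver:PrincipalConnector xsi:type="Direct" xmlns="urn:mace:shibboleth:2.0:resolver:pc"
   id="saml2UnspecDirect" nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"/>"""
FILTER_OK = """<AttributeFilterPolicyGroup xmlns="urn:mace:shibboleth:2.0:afp"
  xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <AttributeFilterPolicy id="releasePrincipalToAnyone"><PolicyRequirementRule xsi:type="basic:ANY"/>
  <AttributeRule attributeID="principalName"><PermitValueRule xsi:type="basic:ANY"/></AttributeRule>
 </AttributeFilterPolicy></AttributeFilterPolicyGroup>"""

def demo():
    # The layout Nate describes passes; dropping the connector and the release rule yields two findings.
    good = check_principal_config(RESOLVER_TMPL % CONNECTOR, FILTER_OK)
    bad = check_principal_config(RESOLVER_TMPL % "", FILTER_OK.replace("principalName", "mail"))
    return good, bad
```

Run it against the real attribute-resolver.xml and attribute-filter.xml before restarting the IdP; the SAML1 `urn:mace:shibboleth:1.0:nameIdentifier` encoder needs its own connector as well, which this check will flag if one is missing.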


Archive powered by MHonArc 2.6.16.
