shibboleth-dev - Re: problems with transientId
Subject: Shibboleth Developers
List archive
- From:
- To:
- Subject: Re: problems with transientId
- Date: Mon, 3 Dec 2007 16:26:40 -0500
ok, more info:
1) I've attached the tail portion of my idp-process log.
2) from my metadata, here's the name formats that the SP will accept:
<md:NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
3) from my resolver file, here's my definition of transientid
<!-- Name Identifier related attributes -->
<resolver:AttributeDefinition id="transientId" xsi:type="TransientId" xmlns="urn:mace:shibboleth:2.0:resolver:ad">
<resolver:AttributeEncoder xsi:type="SAML1StringNameIdentifier"
xmlns="urn:mace:shibboleth:2.0:attribute:encoder" nameFormat="urn:mace:shibboleth:1.0:nameIdentifier" />
<resolver:AttributeEncoder xsi:type="SAML2StringNameID" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
/>
</resolver:AttributeDefinition>
here's my novice read of the log file...
the IdP chose to use this name format:
Supported NameID formats: [urn:mace:shibboleth:1.0:nameIdentifier]
but then concluded:
No principal attribute supported encoding into a supported name ID format.
count me confused.....
suggestions?
Attachment:
idp-process.log
Description: Binary data
- problems with transientId, Steven_Carmody, 12/03/2007
- Re: problems with transientId, Chad La Joie, 12/03/2007
- Re: problems with transientId, Steven_Carmody, 12/03/2007
- Re: problems with transientId, Chad La Joie, 12/03/2007
- Re: problems with transientId, Steven_Carmody, 12/03/2007
- Re: problems with transientId, Chad La Joie, 12/03/2007
- Re: problems with transientId, Steven_Carmody, 12/03/2007
- Re: problems with transientId, Chad La Joie, 12/03/2007
Archive powered by MHonArc 2.6.16.