Shibboleth Developers

[Lukas Haemmerle <>]

Hello all

In this bug report from last August I noticed that the Attribute Aliases 
couldn't be used anymore in Apache:
https://bugs.internet2.edu/jira/browse/SSPCPP-22

As far as I understand Scott's reply the Aliases were then later on 
added again. However, it seems they can now only be used with the 
Shibboleth 2 SP in the RequestMap, but not anymore in the Apache 
config/.htaccess file. Is this correct or is this a bug?

Any chance that it still could be added in the first case? It certainly 
would allow an easier upgrade from 1.3 to 2.0 for a lot of applications 
that are protected with Apache access rules.

Another thing we noted is that in the shibboleth2.xml.dist file there is 
the line:
REMOTE_USER="eppn persistent-id targeted-id"

Although I couldn't find the documentation for this REMOTE_USER 
attribute I assume that any attributes with following aliases(? or are 
these attribute IDs?) are put into the REMOTE_USER environment variable 
if they exist. If so, what happens if the eppn as well as the 
persistent-id exist as attributes?

Besides that, we were wondering about the names of these aliases/IDs? 
Why wasn't for example principalName, persistentID or targetetID used as 
aliases? This maybe would be more consistent with other attributes, 
where the aliases usually were written withouth - and with uppercase 
letters instead. Is there any specific reason for this?

Thx in advance for some enlightening answers :)

Lukas

--
SWITCH
Serving Swiss Universities
--------------------------
Lukas Haemmerle, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 64, fax +41 44 268 15 68
,
 http://www.switch.ch