Shibboleth Developers

[Paul Hethmon <>]

So I basically have this working now, though it feels a bit shaky in places.
It turns out I can't use the IdP session since its not created until my
login handler returns control to Shib. So I'm using the principal name as my
key to tie the attributes created at authentication back to the user in the
data resolver itself.

Using the principal name seems a bit of a shaky approach, though for my
deployments, I guarantee that one is present.

I never did see a way to create a custom principal and get that in the data
connector. The principal name as a string, but not a principal object.

Not really looking for any feedback at this point, just following up for the
list archives.


On 8/16/10 5:54 PM, "Chad La Joie " 
<>
 wrote:

> Since you're creating a custom login handler, just create a custom
> principal that carries the information you need.  That'll get added to
> the session and you can pull it from there in the attribute resolver.
> 
> On 8/16/10 5:31 PM, Paul Hethmon wrote:
>> So I¹m exploring creating a custom data resolver to allow my login
>> handler to store attribute information that gets created during
>> authentication.
>> 
>> In looking through the standard data resolver classes and the
>> HttpServletHelper class, I can¹t seem to find a clean way to tie the
>> session information together. The session ID is available on both sides,
>> but getting to the default storage service needs the servlet context.