[Shib-Users] forceAttributePush for shib2 with SAML1

[Vincent Carpier]

Hi,

For use an IdP 2 with SP 1.3 and no SAML2, we try to find the equivalent of

forceAttributePush="true" in the appropriate <RelyingParty> element
(https://spaces.internet2.edu/display/SHIB/AlternateProfiles)

We don't find anything in the documentation :-(

SOS O:-)

Regards,

[Scott Cantor]

Search for includeAttributeStatement.

The docs on the profile handlers are a bit hard to get to, we need to bump
some of that material up to the Configuration box.

-- Scott

[Nate Klingenstein]

Vincent,

I think you can just place an attribute of
includeAttributeStatement="true" on the appropriate
ShibbolethSSOProfile ProfileConfiguration. This is one of those
cases where, for now, the schema is the documentation... :D

http://svn.middleware.georgetown.edu/view/java-shib-common/trunk/src/
main/resources/schema/shibboleth-2.0-relying-party-saml.xsd?view=markup

Take care,
Nate.

[Chad La Joie]

Or the documentation could be the documentation:

https://spaces.internet2.edu/display/SHIB2/IdPShibSSOProfileConfig

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad....@switch.ch, http://www.switch.ch

[Vincent Carpier]

Chad La Joie a écrit :

Or the documentation could be the documentation:

https://spaces.internet2.edu/display/SHIB2/IdPShibSSOProfileConfig

  

thank, it seems good

I will test

[Mike Jennings]

We have it setup in our idp as follows and forced attribute pushing
works great.

<ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile"
includeAttributeStatement="true"
signAssertions="always" />
Mike Jennings