Problem in Shibboleth user mapping
27 views
Skip to first unread message
Christian Schweizer
Jul 16, 2020, 10:16:07 AM7/16/20
to OpenOlat
Hello there
I have a problem with the user mapping in OpenOlat's Shibboleth module. I configured simply the required attributes email, firstName and lastName in a olat.local.properties:
shibboleth.user.mapping.email.shib=mail
shibboleth.user.mapping.first.name.shib=xxx
shibboleth.user.mapping.last.name.shib=xxx
When I register a new user OpenOlat uses the corresponding Shibboleth attributes.
But when I want to add another user mapping to map the email attribute to another OpenOlat attribute, OpenOlat asks me for my primary email address when I register. The email attribute is mapped to the other OpenOlat attribute though.
shibboleth.user.mapping.key1.shib=mail
shibboleth.user.mapping.key1.olat=email
How is it possible to map one Shibboleth attribute to multiple OpenOlat attributes?
Thank you in advance for any kind of support!
Best regards
Christian
Urs Hensler
Jul 17, 2020, 1:45:05 AM7/17/20
to 'Curt' via OpenOlat
Hi Christian,
How is it possible to map one Shibboleth attribute to multiple OpenOlat attributes?
No it’s not possible. Maybe your IdP can provide the email address in multiple attributes.
What’s your use case to store the email address in multiple OpenOlat user properties?
Best regards,
Urs
--
--
Sie erhalten diese Nachricht, weil Sie Mitglied sind von Google
Groups-Gruppe "OpenOlat".
Für das Erstellen von Beiträgen in dieser Gruppe senden Sie eine E-Mail
an open...@googlegroups.com
Um sich von dieser Gruppe abzumelden, senden Sie eine E-Mail an
openolat+u...@googlegroups.com
Weitere Optionen finden Sie in dieser Gruppe unter
http://groups.google.com/group/openolat?hl=de
-------------------------------------------------------------------------------------------------------------------
OpenOlat - infinite learning - http://www.openolat.org
---
You received this message because you are subscribed to the Google Groups "OpenOlat" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openolat+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/openolat/fd3cac45-edc1-49b5-bbb8-d50c0178424en%40googlegroups.com.
Christian Schweizer
Jul 22, 2020, 4:53:28 AM7/22/20
to OpenOlat
Hi Urs
Thank you for your reply! Actually your suggestion helped a lot. We were able to reconfigure our Shibboleth module to provide the email address in multiple attributes and now the user mapping works fine.
We need the email address to be mapped to another OpenOlat attribute for internal reasons.
Best regards
Christian
Stephan Clemenz
Aug 4, 2020, 3:28:05 PM8/4/20
to 'Christian Schweizer' via OpenOlat
Hi Christian,
I did such things by configuring my SP by using
<AttributeResolver type="Transform" source="email">
<Regex match="^.+@(.*)$"
dest="anotherAttribute">$1</Regex>
</AttributeResolver>
In this case you can generate your own Shib attributes which you can map to Olat attributes.
Cheers, Stephan
Am 22.07.20 um 10:53 schrieb 'Christian
Schweizer' via OpenOlat:
To view this discussion on the web visit https://groups.google.com/d/msgid/openolat/bd6bca95-5c20-4104-93b6-7a01886acfbcn%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages