scoped attributes vs. IDPSSODescriptor/Extensions/Scope in metadata


Ivan Dolezal

Sep 7, 2010, 7:59:38 AM
to simple...@googlegroups.com

Hi,

I am not getting something...

Czech EduID requires me to have


<md:IDPSSODescriptor
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <Extensions>
    <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
        regexp="false">osu.cz</shibmd:Scope>
  </Extensions>


section in metadata. I thought this part would be generated
automatically because of using authproc_scopeattribute. But it is not.
Do I have to turn on / configure something else? Or am I totally
missing something?


Thank you

Olav Morken

Sep 7, 2010, 8:43:22 AM
to simple...@googlegroups.com

core:ScopeAttribute is only a filter for the attributes of the user,
which appends the scope from one attribute to the values of another
attribute.

To add the scope to the metadata, you need to define it in your
metadata/saml20-idp-hosted.php file, like the following:

'scope' => array('osu.cz'),

Regards,
Olav Morken
UNINETT / Feide
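
An added example, not part of the thread or of SimpleSAMLphp: a Python check that generated IdP metadata carries the shibmd:Scope element and that scoped attribute values (the output of an attribute filter such as core:ScopeAttribute) fall inside a declared scope. The entityID, the sample metadata, the attribute values and the function names are constructed for illustration, and scoped values are assumed to have the form value@scope.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "shibmd": "urn:mace:shibboleth:metadata:1.0",
}

# Constructed sample metadata (not real federation or SimpleSAMLphp output).
# For metadata fetched from an untrusted source, use a hardened XML parser.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.org/saml2/idp/metadata.php">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
          regexp="false">osu.cz</shibmd:Scope>
    </md:Extensions>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def declared_scopes(metadata_xml):
    """Return the literal scopes declared under IDPSSODescriptor/Extensions."""
    root = ET.fromstring(metadata_xml)
    path = ".//md:IDPSSODescriptor/md:Extensions/shibmd:Scope"
    scopes = set()
    for el in root.findall(path, NS):
        # Only literal scopes are handled; regexp="true" entries are skipped.
        if el.get("regexp", "false").lower() in ("false", "0") and el.text:
            scopes.add(el.text.strip().lower())
    return scopes


def out_of_scope(values, scopes):
    """Return the values whose scope part is missing or not declared."""
    bad = []
    for value in values:
        _, sep, scope = value.rpartition("@")
        if not sep or scope.lower() not in scopes:
            bad.append(value)
    return bad


if __name__ == "__main__":
    scopes = declared_scopes(SAMPLE_METADATA)
    print("declared scopes:", sorted(scopes))
    print("rejected:", out_of_scope(["student@osu.cz", "member@sub.osu.cz"], scopes))
```

An empty result from `declared_scopes` is the situation described in the question: the attribute filter is configured, but the metadata has no Scope element.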

Ivan Dolezal

Sep 7, 2010, 8:54:50 AM
to simple...@googlegroups.com

Great! Please please please add that to
http://simplesamlphp.org/docs/1.6/simplesamlphp-reference-idp-hosted
.


>>> On 7 September 2010 at 14:43, Olav Morken
<olav....@uninett.no> wrote:

Olav Morken

Sep 7, 2010, 10:09:18 AM
to simple...@googlegroups.com
On Tue, Sep 07, 2010 at 14:54:50 +0200, Ivan Dolezal wrote:
>
> Great! Please please please add that to
> http://simplesamlphp.org/docs/1.6/simplesamlphp-reference-idp-hosted
> .

Done! :)
