[Shib-Users] SP attributes configuration with an SAML 2.0 IDP


SAGNIMORTE Thomas (CAMPUS)

Jan 11, 2010, 1:29:14 PM
to shibbole...@internet2.edu
Hello all,
 
I am trying to configure a Shibboleth SP to integrate with some SAML 2.0 IDP.
 
I am able to get the SAML_SUBJECT attribute, but not a second attribute present in the assertion.
 
Here is the log info
2010-01-11 19:05:17 INFO Shibboleth.AttributeExtractor.XML [1]: skipping unmapped SAML 2.0 Attribute with Name: cn, Format:urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
 
Here is the attribute-map.xml
<Attribute name="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" id="SAML_SUBJECT"/>
<Attribute name="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" id="cn"/>
 
Here is the metadata info
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:SingleSignOnService Location="https://idpdecathlon.project.org/idp/SSO.saml2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" Name="cn" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/>
 
I have searched a lot, but I cannot find how to configure Shibboleth to get this cn attribute.
 
Do you have an idea?
 
Regards,
 
Thomas

Chad La Joie

Jan 11, 2010, 1:31:12 PM
to shibbole...@internet2.edu
What do your SP logs say? Most likely, since that is a non-standard
attribute, it's being filtered out. The SP logs would tell you that.

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
chad....@switch.ch, http://www.switch.ch

Scott Cantor

Jan 11, 2010, 5:32:49 PM
to shibbole...@internet2.edu
SAGNIMORTE Thomas (CAMPUS) wrote on 2010-01-11:
> Here is the attribute-map.xml <Attribute
> name="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
> id="SAML_SUBJECT"/> <Attribute
> name="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" id="cn"/>

The name property is for the AttributeName, you need to put that constant
into a nameFormat property and set name to "cn".

-- Scott

SAGNIMORTE Thomas (CAMPUS)

Jan 12, 2010, 6:06:26 AM
to shibbole...@internet2.edu
Ok, thanks, I have done that and it works!

Here now is the good configuration for this attribute:
<Attribute name="cn"
nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
id="cn"/>

Regards,

Thomas
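
An added example, not part of the original thread and not Shibboleth's own code: a small checker that flags attribute-map rules whose name holds an attrname-format constant (the mistake corrected above) and lists asserted attributes that no rule would map. The function names, the constructed AttributeStatement and the name-only matching for rules without nameFormat are assumptions.

```python
import xml.etree.ElementTree as ET

FMT_PREFIX = "urn:oasis:names:tc:SAML:2.0:attrname-format:"

def local(tag):
    """Element name without its '{namespace}' prefix."""
    return tag.rsplit("}", 1)[-1]

def rules(map_xml):
    """(name, nameFormat, id) of every <Attribute> rule in an attribute map."""
    return [(e.get("name"), e.get("nameFormat"), e.get("id"))
            for e in ET.fromstring(map_xml).iter() if local(e.tag) == "Attribute"]

def lint(map_xml):
    """ids of rules whose name holds an attrname-format constant, not a Name."""
    return [rid for name, _, rid in rules(map_xml)
            if name and name.startswith(FMT_PREFIX)]

def unmapped(map_xml, statement_xml):
    """Names of asserted attributes that no rule maps.
    Assumption: a rule without nameFormat is matched on name alone; the SP's
    own default nameFormat handling is not modelled here."""
    rs = rules(map_xml)
    missing = []
    for a in ET.fromstring(statement_xml).iter():
        if local(a.tag) != "Attribute":
            continue
        name, fmt = a.get("Name"), a.get("NameFormat")
        if not any(n == name and (f is None or f == fmt) for n, f, _ in rs):
            missing.append(name)
    return missing

# Constructed inputs: the thread's two maps wrapped in a root element, and an
# AttributeStatement carrying cn with the NameFormat shown in the thread's log.
ROOT = '<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">%s</Attributes>'
SUBJECT = '<Attribute name="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" id="SAML_SUBJECT"/>'
BROKEN_MAP = ROOT % (SUBJECT + '<Attribute name="' + FMT_PREFIX + 'unspecified" id="cn"/>')
FIXED_MAP = ROOT % (SUBJECT + '<Attribute name="cn" nameFormat="' + FMT_PREFIX + 'unspecified" id="cn"/>')
STATEMENT = ('<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
             '<saml:Attribute Name="cn" NameFormat="' + FMT_PREFIX + 'unspecified">'
             '<saml:AttributeValue>Constructed User</saml:AttributeValue>'
             '</saml:Attribute></saml:AttributeStatement>')

if __name__ == "__main__":
    for label, m in (("original", BROKEN_MAP), ("corrected", FIXED_MAP)):
        print(label, "suspect rules:", lint(m), "unmapped:", unmapped(m, STATEMENT))
```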
