Scoped Attribute ignored/not processed


mrahman
I am trying to get Google's single sign-on going but am having a problem. I need to produce the googleNameID in the form ldapusername@mail.institute.edu. It's a long story why I can't use the mail attribute, but the bottom line is I can't.

So I tried creating an attribute definition as below, as a scoped one (hoping it will append mail.institution.edu after the sAMAccountName).



<resolver:AttributeDefinition xsi:type="ad:Scoped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                              id="googleNameID"
                              sourceAttributeID="sAMAccountName"
                              scope="mail.institution.edu">
    <resolver:Dependency ref="myLDAP" />

    <resolver:AttributeEncoder xsi:type="SAML2StringNameID" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                               nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
</resolver:AttributeDefinition>


From the Debug Log I see:

Creating attribute statement in response to SAML request 'dkdlbloamncaehpogoaiiodphkjodjagognjflco' from relying party 'google.com'
12:49:01.409 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:263] - Attribute googleNameID was not encoded (filtered by query, or no SAML2AttributeEncoder attached).
12:49:01.409 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.provider.ShibbolethSAML2AttributeAuthority:129] - No attributes remained after encoding and filtering by value, no attribute statement built

12:49:01.410 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:527] - Filtering out potential name identifier attributes which can not be encoded by edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder
12:49:01.410 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:541] - Retaining attribute googleNameID which may be encoded to via edu.internet2.middleware.shibboleth.common.attribute.encoding.SAML2NameIDEncoder


The actual response does not contain the googleNameID attribute.

Why is it being ignored?

Any help is appreciated - Thanks!!

Re: Scoped Attribute ignored/not processed

mrahman
...I am thinking this may have something to do with the way I am trying to encode..

It is trying to encode a scoped attribute as SAML2StringNameID... this seems like the problem.

How can I encode a scoped attribute as SAML2StringNameID?