I'm trying to configure shibboleth with a few NodeJS applications & PassportJS (a nodejs library to handle authentication scenarios) & Passport-SAML (the actual SAML implementation of PassportJS) and I'm facing a minor issue with friendlyname.
So first, good news is that everything else is working like a charm. Login is OK on every SP involved, I succeed to release more fields (sn, email) using attribute-resolver and attribute-filter, and this is cool.
But now when I print out the full request.user in my nodejs session, I can see that fields are still named with their SAML name (so "sn" is "urn:oid:22.214.171.124").
I already used passport with other SAML implementations and I was able to use request.user.sn directly in my code instead of request.user["urn:oid:126.96.36.199"], but I'm not sure whether it's the way the SAML strategy for PassportJS is implemented or if it's something I missed in my shibboleth config.
I don't see any other setting but the attribute declaration itself in attribute-resolver.xml :
<AttributeDefinition xsi:type="Simple" id="surname" sourceAttributeID="sn"> <Dependency ref="myLDAP" /> <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:sn" encodeType="false" /> <AttributeEncoder xsi:type="SAML2String" name="urn:oid:188.8.131.52" friendlyName="sn" encodeType="false" /> </AttributeDefinition>
Any hints ?
I've never setup any SAML idp until yesterday, so please excuse this question if it sounds too dumb :)