AttributeFilterPolicy requester Value

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

AttributeFilterPolicy requester Value

Kevin Ratcliffe-2
Hi All

I am having an issue with Adobe SSO where my IdP doesn't release the attributes to them unless I use xsi:type="ANY". The AttributeFilterPolicy in question works flawlessly with bin/aacli.sh using the requester value from the policy. So, my guess is that I am using an incorrect requester value in my policy.

Is there a way that I can get the requester value for attribute-filter.xml from the IdP or is it easier to log a call with Adobe?

I am using IdP v3.4.6 if that helps.

Thanks in advance for any response.

Kevin Ratcliffe
Network & IT Systems Support
Bolton Sixth Form College
T: 01204 846215
E: [hidden email]
W: www.bolton-sfc.ac.uk
Save Paper. Please consider the environment before printing.
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: AttributeFilterPolicy requester Value

Rod Widdowson
> Is there a way that I can get the requester value for attribute-filter.xml from the IdP or is it easier to log a call with Adobe?

Absent any other unlikely weirdness in your configuration its the EntityID.

>>
>>  The Requester type is a PolicyRule which returns true if the name (generally the SAML entityID) of the system
requesting/receiving the attributes (usually an SP) matches a supplied string.
>>

https://wiki.shibboleth.net/confluence/display/IDP30/RequesterConfiguration

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: AttributeFilterPolicy requester Value

Kevin Ratcliffe-2
Thanks for the reply Rod. That worked.

I very nearly tried that early in testing but read in the integration guide section of the Shibboleth wiki that "The Adobe service is provided via a SAML IdP/SP Proxy (Okta), it is the Okta SP that you are integrating with". The Adobe SSO docs and the integration guide both use a requester value in the form of "https://www.okta.com/saml2/service-provider/xxxxxxxxxxxxxxxxxxxx". I should have stuck to my original plan.

Three beers for Rod(next time you are in Salford, UK).

Kevin Ratcliffe
Network & IT Systems Support
Bolton Sixth Form College
T: 01204 846215
E: [hidden email]
W: www.bolton-sfc.ac.uk
Save Paper. Please consider the environment before printing.
-----Original Message-----
From: users <[hidden email]> On Behalf Of Rod Widdowson
Sent: 12 February 2020 11:43
To: 'Shib Users' <[hidden email]>
Subject: RE: AttributeFilterPolicy requester Value

> Is there a way that I can get the requester value for attribute-filter.xml from the IdP or is it easier to log a call with Adobe?

Absent any other unlikely weirdness in your configuration its the EntityID.

>>
>>  The Requester type is a PolicyRule which returns true if the name (generally the SAML entityID) of the system
requesting/receiving the attributes (usually an SP) matches a supplied string.
>>

https://wiki.shibboleth.net/confluence/display/IDP30/RequesterConfiguration

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]