friendlyName in attribute-resolver.xml


Hi all,

I'm trying to configure Shibboleth with a few NodeJS applications & PassportJS (a NodeJS library to handle authentication scenarios) & Passport-SAML (the actual SAML implementation of PassportJS), and I'm facing a minor issue with friendlyName.

So first, the good news is that everything else is working like a charm. Login is OK on every SP involved, I succeeded in releasing more fields (sn, email) using attribute-resolver and attribute-filter, and this is cool.

But now when I print out the full request.user in my nodejs session, I can see that fields are still named with their SAML name (so "sn" is "urn:oid:").

I already used passport with other SAML implementations and I was able to use directly in my code instead of request.user["urn:oid:"], but I'm not sure whether it's the way the SAML strategy for PassportJS is implemented or if it's something I missed in my shibboleth config.

I don't see any other setting but the attribute declaration itself in attribute-resolver.xml:

<AttributeDefinition xsi:type="Simple" id="surname" sourceAttributeID="sn">
    <Dependency ref="myLDAP" />
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:sn" encodeType="false" />
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:" friendlyName="sn" encodeType="false" />
</AttributeDefinition>

Any hints?

I've never set up any SAML IdP until yesterday, so please excuse this question if it sounds too dumb :)

Thanks!