oidc


oidc

Kicic Sakib

Hi,

 

If I have already defined the SAML attribute “mail”, why can I not also have OIDC

 


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

SV: oidc

Kicic Sakib

 

Hi,

 

If I have already defined the SAML attribute “mail”, why can I not also have an OIDC attribute “mail” in attribute-resolver?

How do I get the “mail” attribute in the OIDC access token? The following does not work to get mail in the access token.

 

Mail attribute for oidc:

<AttributeDefinition xsi:type="Simple" id="mail">
    <InputDataConnector ref="myLDAP" attributeNames="mail" />
    <AttributeEncoder xsi:type="oidcext:OIDCString" name="mail" />
</AttributeDefinition>

 

Mail attribute for saml:

<AttributeDefinition xsi:type="Simple" id="mail">
    <InputDataConnector ref="myLDAP" attributeNames="mail" />
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
</AttributeDefinition>

 

 


SV: oidc

Kicic Sakib

I solved it.

Just added the OIDC AttributeEncoder to the already existing attribute:

 

<AttributeDefinition xsi:type="Simple" id="mail">
    <InputDataConnector ref="myLDAP" attributeNames="mail" />
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
    <AttributeEncoder xsi:type="oidcext:OIDCString" name="mail" />
</AttributeDefinition>

 

 

From: users [mailto:[hidden email]] On behalf of Kicic Sakib
Sent: 20 January 2020 09:02
To: Shib Users
Subject: SV: oidc

 

 

Re: oidc

Morgan, Andrew Jason
Correct.  The most likely cause of your earlier problem is that you defined 2 attributes with the same id="mail".  If you had created the OIDC attribute with id="oidc_mail", it should have worked.  However, it is clearer to just add the OIDC encoder to the existing attribute definition.

Andy Morgan
Identity & Access Management
Oregon State University


From: users <[hidden email]> on behalf of Kicic Sakib <[hidden email]>
Sent: Monday, January 20, 2020 12:33 AM
To: Shib Users <[hidden email]>
Subject: SV: oidc
 

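A check for the problem identified in this thread, as an added example that is not part of the original messages or of Shibboleth itself: it scans a resolver file for AttributeDefinition elements that share one id and lists the encoders a single merged definition would carry, and it flags encoder names with stray whitespace. The root element wrapper and the function name lint_resolver are assumptions; the sample input is constructed from the snippets quoted in the thread.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: the two definitions from the question, wrapped in a root
# element (assumed) so that the xsi prefix is declared and the text parses.
SAMPLE = """<AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeDefinition xsi:type="Simple" id="mail">
    <InputDataConnector ref="myLDAP" attributeNames="mail" />
    <AttributeEncoder xsi:type="oidcext:OIDCString" name="mail" />
  </AttributeDefinition>
  <AttributeDefinition xsi:type="Simple" id="mail">
    <InputDataConnector ref="myLDAP" attributeNames="mail" />
    <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
    <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
  </AttributeDefinition>
</AttributeResolver>"""

def local(tag):
    """Strip the '{namespace}' part so matching works with or without a default namespace."""
    return tag.rsplit("}", 1)[-1]

def lint_resolver(xml_text):
    """Return findings as tuples: (kind, attribute id, detail)."""
    encoders_by_id = defaultdict(list)  # id -> one encoder-type list per definition
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "AttributeDefinition":
            continue
        encoders = [c for c in el if local(c.tag) == "AttributeEncoder"]
        encoders_by_id[el.get("id")].append([e.get(XSI_TYPE) for e in encoders])
        for e in encoders:
            name = e.get("name", "")
            if name != name.strip():  # leading/trailing whitespace is rarely intended
                findings.append(("whitespace-in-name", el.get("id"), name))
    for attr_id, definitions in encoders_by_id.items():
        if len(definitions) > 1:
            # Encoder types that one merged definition with this id would contain.
            merged = sorted({t for d in definitions for t in d})
            findings.append(("duplicate-id", attr_id, merged))
    return findings

if __name__ == "__main__":
    for finding in lint_resolver(SAMPLE):
        print(finding)
```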