[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shibboleth-users
Subject:    Re: eduPersonScopedAffiliation not mapping correctly
From:       "Cantor, Scott" <cantor.2 () osu ! edu>
Date:       2011-12-19 22:29:57
Message-ID: CB1524A6.1B6D9%cantor.2 () osu ! edu
[Download RAW message or body]

On 12/19/11 5:21 PM, "Scott Klawitter" <sklawitter@ebsco.com> wrote:
>
>I think it is because XML attributes are missing from the Attribute and
>AttributeValue nodes.

Attribute, yes, as I said in my earlier note. NameFormat defaults to
unspecified, which is the wrong value.

>I propose the following changes:
>- Modify saml:Attribute node to include:
>    FriendlyName="eduPersonScopedAffiliation"
>    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

FriendlyName doesn't matter.

>- Modify saml:AttributeValue node to remove:
>    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
>- Modify saml:AttributeValue node to include:
>    xmlns:xs="http://www.w3.org/2001/XMLSchema"
>    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>    xsi:type="xs:string"

Those are namespaces and type information, none of which is wrong, but all
of which is optional except for ensuring the element is well formed.

>Will having the Identity Provider changing the format to look like the
>following fix this?

NameFormat alone will.

-- Scott

--
To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net
[prev in list] [next in list] [prev in thread] [next in thread]