[prev in list] [next in list] [prev in thread] [next in thread]
List: shibboleth-users
Subject: Re: release the exact ldap attribute value
From: Souleye Ndiaye <ndiaye.souleye () gmail ! com>
Date: 2019-11-21 9:19:55
Message-ID: CANrTpnmVyc-Z2yAV1nu+Bf0s0RGmx5YD+PXM9fJ6ZLk6G1H+pA () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi,
Thanks a lot! That was exactly what i was looking for!
Regards
Am Mi., 20. Nov. 2019 um 17:43 Uhr schrieb Peter Schober <
peter.schober@univie.ac.at>:
> * Souleye Ndiaye <ndiaye.souleye@gmail.com> [2019-11-20 14:21]:
> > how can i tell the idP to return the exact LDAP value (e.g. uid) instead
> > the user entry during authentication? I want to achieve that a uid „case
> > matching" between SP and LDAP is guaranteed.
>
> What Ian said: By looking up its value and releasing what's stored in
> LDAP, i.e., by avoiding the "PrincipalName"-type attribute defintion
> and using LDAP for normalization of the values (assuming you have
> conistent values stored in LDAP, of course).
>
> -peter
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe@shibboleth.net
[Attachment #5 (text/html)]
<div dir="ltr"><div>Hi,</div><div><br></div><div>Thanks a lot! That was exactly what \
i was looking for!</div><div>Regards<br></div></div><br><div class="gmail_quote"><div \
dir="ltr" class="gmail_attr">Am Mi., 20. Nov. 2019 um 17:43 Uhr schrieb Peter \
Schober <<a href="mailto:peter.schober@univie.ac.at">peter.schober@univie.ac.at</a>>:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex">* Souleye Ndiaye <<a \
href="mailto:ndiaye.souleye@gmail.com" \
target="_blank">ndiaye.souleye@gmail.com</a>> [2019-11-20 14:21]:<br> > how can \
i tell the idP to return the exact LDAP value (e.g. uid) instead<br> > the user \
entry during authentication? I want to achieve that a uid „case<br> > \
matching" between SP and LDAP is guaranteed.<br> <br>
What Ian said: By looking up its value and releasing what's stored in<br>
LDAP, i.e., by avoiding the "PrincipalName"-type attribute defintion<br>
and using LDAP for normalization of the values (assuming you have<br>
conistent values stored in LDAP, of course).<br>
<br>
-peter<br>
-- <br>
For Consortium Member technical support, see <a \
href="https://wiki.shibboleth.net/confluence/x/coFAAg" rel="noreferrer" \
target="_blank">https://wiki.shibboleth.net/confluence/x/coFAAg</a><br> To \
unsubscribe from this list send an email to <a \
href="mailto:users-unsubscribe@shibboleth.net" \
target="_blank">users-unsubscribe@shibboleth.net</a></blockquote></div>
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic