On Wed, 17 Sep 2008, Paul Campbell wrote:
> I'm trying to get ePTId released, but I can't even get resolvertest to
> generate the attribute.
>
> I've tried creating the attribute using PersistentIDAttributeDefinition with
> Salt as a string and a keystore. I've also tried using SAML2PersistentID.
>
> resolvertest doesn't report any errors, only the eduPersonScopedAffiliation
> and eduPersonAffiliation attributes.
Are you testing attribute resolution or attribute release? resolvertest
can do either, e.g. resolution:
$ export IDP_HOME=/srv/www/shibboleth-idp
$ $IDP_HOME/bin/resolvertest --user=''<user>'' \
--responder=https://shib.raven.cam.ac.uk/shibboleth \
--resolverxml=file:///etc/shibboleth/resolver.xml
or release:
$ export IDP_HOME=/srv/www/shibboleth-idp
$ $IDP_HOME/bin/resolvertest --user=''<user>'' \
--requester=''<SP entity>'' \
--responder=https://shib.raven.cam.ac.uk/shibboleth \
--idpXml=file:///etc/shibboleth/idp.xml
(replacing parameter values as appropriate) If you are doing the latter
you will have to configure ePTId release in arps/arp.site.xml. It's
obviously easier to confirm that resolution is working first, and then
move on to release.
Jon.
--
Jon Warbrick
Web/News Development, Computing Service, University of Cambridge
|