On 09/06/2011, at 12:22 PM, Roland Hedberg wrote:
>
> On Jun 9, 2011, at 13:16, Luke Howard wrote:
>
>>> Are there a set of 'radius' attribute names I should use when mapping the SAML attributes ?
>>
>> The complete assertion goes in SAML-AAA-Assertion (vendor is UKERNA, 25622; attribute ID is 132 -- grab dictionary.ukerna out of mech_eap). You'll need to split it across multiple RADIUS AVPs. You shouldn't need to add other AVPs.
>
> Just to be clear, I'm expected to take the Assertion (XML string) split it into N parts, each part not longer than 253 bytes, and put each part into a RADIUS AVP.
Yep. (Actually in my module I had to make it 248 bytes, I never debugged why.)
> Futher up the line Scott's shib attribute handler is then supposed to take this sequence, join it and do its magic ?
This is actually done by mech_eap.
-- Luke
|