http://www.project-moonshot.org/devwiki/ConfiguringRHEL/
Under Shibboleth, it says that attribute-map.xml should be replaced with this:
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<GSSAPIAttribute name="urn:ietf:params:gss-eap:radius-avp urn:x-radius:89" id="local-login-user"/>
</Attributes>
Attribute x-radius:89 is the Chargeable-User-Identity.
That said, I'm now seeing these warnings in a gss-server/gss-client conversation:
WARN Shibboleth.AttributeResolver.Query : can't attempt attribute query, either no NameID or no metadata to use
The line "Attribute local-login-user Authenticated Complete" no longer appears in the conversation either, so I must've missed something.
I'll look at the updated Live DVD ISO to see if I've missed anything in the Shibboleth2 configuration.
:-)
Stefan
-----Original Message-----
From: Sam Hartman [mailto:[log in to unmask]]
Sent: 16 May 2013 16:06
To: Paetow, Stefan (DLSLtd,RAL,DIA)
Cc: [log in to unmask]
Subject: Re: Is RADIUS attribute User-Name still required for SSH?
>>>>> "Stefan" == Stefan Paetow <[log in to unmask]> writes:
Stefan> Ok, Then according to the Wiki docs that's RADIUS AVP 89
Stefan> (i.e. Chargeable-User-Identity). Lovely. Now it's starting
Stefan> to make sense.
Can you point me at that wiki quote?
--
This e-mail and any attachments may contain confidential, copyright and or privileged material, and are for the use of the intended addressee only. If you are not the intended addressee or an authorised recipient of the addressee please notify us of receipt by returning the e-mail and do not use, copy, retain, distribute or disclose the information in or attached to the e-mail.
Any opinions expressed within this e-mail are those of the individual and not necessarily of Diamond Light Source Ltd.
Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are free from viruses and we cannot accept liability for any damage which you may sustain as a result of software viruses which may be transmitted in or with the message.
Diamond Light Source Limited (company no. 4375679). Registered in England and Wales with its registered office at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom
|