Hi,
> I was thinking more of an identifier so I don't have to send a SAML assertion to every local RADIUS request (I'm narrowing down when I send the SAML assertion).
moonshot queries will have some extra attibutes present
> Unless of course it's this attribute that I have noticed (which remains the same for every request): X-Ascend-FR-DCE-N393, which appears to be an 'illegal' attribute from Ascend (it's in the .illegal dictionary). I searched for that attribute online and it appears there's a clash between the old Ascend and the new GSS-Acceptor attributes in dictionary.ukerna?
thats a dictionary clash - you shouldnt be using the illegal dictionaries unless you REALLY REALLY
need to - eg you actually have Ascend kit and still use those attributes
> When I search around for these attributes, I find a JISCMail post from Sam mentioning a FR dictionary patch (once a casing issue is resolved). Is that patch mentioned here https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=MOONSHOT-COMMUNITY;4a29ccef.1209 for dictionary.ukerna?
there is now an official IANA ID for the moonshot stuff:
ATTRIBUTE GSS-Acceptor-Service-Name 164 string
ATTRIBUTE GSS-Acceptor-Host-Name 165 string
ATTRIBUTE GSS-Acceptor-Service-Specifics 166 string
ATTRIBUTE GSS-Acceptor-Realm-Name 167 string
(as that posting noted) - I'll need to dig out the proper IANA doc
> If that is the case, does SAML-AAA-Assertion keep the attribute number it currently has?
I'll double check (and MS-Windows-Auth-Data)
alan
|