* Jon Agland <[log in to unmask]> [2019-09-04 12:26]:
> Yes, but there is a bit more to it than this...
> I've added https://wiki.shibboleth.net/confluence/display/KB/Adobe+Creative+Cloud+Integration+Guide
Thanks.
See also those two comments from Scott C. which would suggest a
different configuration:
http://shibboleth.net/pipermail/users/2019-February/043063.html
http://shibboleth.net/pipermail/users/2019-February/043065.html
not using emailAddress-format NameIDs in the first place (and also
claim that the urn:oid name for 'mail' is also supported, which you
possibly didn't include in the wiki page as it currently assumes use
of email address as NameID, I suppose).
As for your suggested saml-nameid.xml: Why add the activation
condition when creating an emailAddress-valued NameID from the 'mail'
attribute? That should always be correct/usable, IMO, and is not
specific to the SP here. I.e., merely uncommenting the shipped example
snippet (cf. dist/conf/saml-nameid.xml) should suffice if one wanted
her/his IDP to be able to generate emailAddress-valued NameIDs
irrespective of the SP.
NameID format selection happens elsewhere (in the SP's metadata you'd
have to tune anyway) and you'd still have to release the 'mail'
attribute to the SP in the filter in order for this to do anything, so
I'd avoid duplicating those policies here.
Cheers,
-peter
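
The two saml-nameid.xml variants discussed in the message above, side by side. This is an added example, not taken from the post or from the wiki page: variant (a) assumes the SP restriction is written with the IdP's shibboleth.Conditions.RelyingPartyId bean, and the entityID in it is a placeholder.

```xml
<!-- saml-nameid.xml: entries for the shibboleth.SAML2NameIDGenerators list.
     Use ONE of the two variants below, not both. -->

<!-- (a) Generator gated by an activation condition, so it only runs for
         the listed SP. The entityID is a placeholder (assumption). -->
<bean parent="shibboleth.SAML2AttributeSourcedGenerator"
      p:omitQualifiers="true"
      p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
      p:attributeSourceIds="#{ {'mail'} }">
    <property name="activationCondition">
        <bean parent="shibboleth.Conditions.RelyingPartyId"
              c:candidates="https://sp.example.org/placeholder-entity-id" />
    </property>
</bean>

<!-- (b) The shipped example snippet, uncommented, with no activation
         condition. The generator is available for every SP, but it only
         produces a NameID when the SP's metadata selects the emailAddress
         format AND the attribute filter releases 'mail' to that SP. -->
<bean parent="shibboleth.SAML2AttributeSourcedGenerator"
      p:omitQualifiers="true"
      p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
      p:attributeSourceIds="#{ {'mail'} }" />
```

With (b), the per-SP decision stays in two places only, the SP's metadata and the attribute filter policy; (a) adds a third place that has to be kept in sync with them.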