Hi

We’re still on Shib 2.

We’ve moved our Office 365 over to full cloud authentication, which requires users to enter UPN as the login credential. We’d like to bring Shibboleth into line (probably making it ambidextrous, both cn and UPN). Having dug around and tried it on our test one, it looks like it’s just a matter of changing:

 

Login.config, change

        userFilter="cn={0}"    to      userFilter="(|(userprincipalname={0})(cn={0}))"

resolver.xml, in the LDAP data connector, change

        <dc:FilterTemplate>
            <![CDATA[
                (cn=$requestContext.principalName)
            ]]>
        </dc:FilterTemplate>

To:

        <dc:FilterTemplate>
            <![CDATA[
                (|(userprincipalname=$requestContext.principalName)(cn=$requestContext.principalName))
            ]]>
        </dc:FilterTemplate>

 

Everything seems to work OK: eptid, which is based on an immutable value, is not affected, and you can now log in with just CN or UPN. Can anyone think of anything else that might be affected by doing this? Everything we’re releasing comes from the LDAP lookup, and doing a couple of tests everything looks OK.

Can anyone think of anything I’ve missed?

Cheers

Andy Swiffin
Dundee

 


The University of Dundee is a registered Scottish Charity, No: SC015096
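
Added example (not part of the original message, and not Shibboleth code): an offline check of two side effects of the combined filter `(|(userprincipalname={0})(cn={0}))`: one typed value matching more than one entry, and one entry being reachable under two different principal names. The directory entries, DNs and function names are constructed for illustration, and case-insensitive matching of `cn` and `userPrincipalName` is assumed, as in Active Directory.

```python
# Constructed sample data and hypothetical helper names; nothing here talks to a real directory.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def build_filter(login):
    """Render the combined filter from the post for one typed login value."""
    v = escape_filter_value(login)
    return f"(|(userprincipalname={v})(cn={v}))"

def matching_dns(entries, login):
    """DNs the OR filter would return (assumed case-insensitive equality)."""
    key = login.casefold()
    return [e["dn"] for e in entries
            if key in (e["cn"].casefold(), e["userPrincipalName"].casefold())]

def audit(entries):
    """Return (ambiguous, aliases).

    ambiguous: typed login -> set of DNs, when one value matches several entries.
    aliases:   DN -> set of login strings that all resolve to that entry, i.e.
               the different principal names one person can now present.
    """
    ambiguous, aliases = {}, {}
    for e in entries:
        for login in (e["cn"], e["userPrincipalName"]):
            dns = matching_dns(entries, login)
            if len(dns) > 1:
                ambiguous[login.casefold()] = set(dns)
            aliases.setdefault(e["dn"], set()).add(login.casefold())
    return ambiguous, aliases

# Constructed entries: the third has a cn equal to the second's UPN.
SAMPLE = [
    {"dn": "CN=jbloggs,OU=Staff,DC=example,DC=org",
     "cn": "jbloggs", "userPrincipalName": "jbloggs@example.org"},
    {"dn": "CN=asmith,OU=Staff,DC=example,DC=org",
     "cn": "asmith", "userPrincipalName": "a.smith@example.org"},
    {"dn": "CN=a.smith@example.org,OU=Shared,DC=example,DC=org",
     "cn": "a.smith@example.org", "userPrincipalName": "shared1@example.org"},
]

if __name__ == "__main__":
    ambiguous, aliases = audit(SAMPLE)
    print("ambiguous logins:", ambiguous)
    print("principal names per entry:", aliases)
```

Run against an export of the real directory, any non-empty `ambiguous` result marks a login value for which the search returns more than one entry, and each `aliases` set lists the principal names that anything keyed on the typed username would treat as separate users.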