Alistair,
SAML2 attributes should go have SAML2 encoding.
http://svn.middleware.georgetown.edu/view/java-idp/branches/REL_2/src/instal
ler/resources/conf-tmpl/attribute-resolver.xml?revision=2938&view=markup
Should give you an idea of how Shib achieves it.
So the SAML1 "urn:mace:dir:attribute-def:eduPersonAffiliation", becomes the
SAML2 "urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
Is that what you meant?
> -----Original Message-----
> From: Discussion list for Shibboleth developments [mailto:JISC-
> [log in to unmask]] On Behalf Of Alistair Young
> Sent: 22 October 2010 16:15
> To: [log in to unmask]
> Subject: SAML2 attributes
>
> What would be best practice for an IdP which is using SAML2 WBSSO and
> wants to maintain continuity of service with service providers? i.e.
> it's using shibboleth just now with the simple shibboleth attribute
> naming conventions (urn:mace:dir ... edu*)
>
> should it use the full blown SAML2 attribute naming convention:
> urn:oasis:names:tc:SAML:2.0:attrname-format:uri
>
> or the more "shibby" type version:
> urn:oasis:names:tc:SAML:2.0:attrname-format:basic
>
> it seems that perhaps urn:oasis:names:tc:SAML:2.0:attrname-format:basic
> is more common in the fed for SAML2 profiles?
>
> thanks,
>
> Alistair
>
>
> --------------
> mov eax,1
> mov ebx,0
> int 80
|