On 9/6/11 8:57 AM, "Markus Ludwig Grandpre"
<[log in to unmask]> wrote:
>Hello moonshot community
>
>how can we configure the built-in Shibboleth SP component to use an
>external Shibboleth IdP to request authorization data of authenticated
>user?
Can you make that a more precise question?
>We've rebuild the moonshot ssh test scenario, set up a little Shibboleth
>federation and configured EAP's built-in Shibboleth component in order
>to contact external an IdP (without success):
What does that have to do with your question, though?
The normal usage scenario involves RADIUS and the IdP isn't involved
except behind the scenes. Your log trace doesn't explain to me what your
question was meant to ask.
If you're asking why it's filtering out the attributes, that has nothing
to do with your question, but it's probably because the Moonshot code
doesn't supply an issuing authority for the GSS naming extensions it's
passing into the SP. I'm guessing there's no SAML assertion involved, just
RADIUS AVPs. If you leave the scope filtering on, there has to be an
issuer and metadata to accept scoped attributes like EPPN.
-- Scott
|