On 8 Aug 2012, at 15:24, Rod Widdowson <[log in to unmask]> wrote:
>> I thought I'd done everything I needed to (both from following their guide and from what I remember
>> needing to do for other attributes we release elsewhere). Which bit of config are you thinking of?
>
> If you want it as an attribute you'll need to specify an "Attribute" attribute encoder like "SAML2String" (not "SAML2StringNameID").
>
>
> But that MS page seems to be saying you need to specify a unique (in time and space) NameID and that objectID is a good idea to use.
>
>
> It seems to say that the only "attribute" attribute (as opposed to "NameID" attribute) it wants is UserId.
>
> Do you have another attribute declaration trying to generate a NameID? (i.e. with a xxxxNameID encoder)? You might try removing
> that if you do have one and see whether the NameID turns into anything. In the default attribute-encoder, 'transientID' is
> declared for the NameID and this might be trumping your declaration.
>
>
I think I may be barking completely up the wrong tree…

The TestShib SP metadata only includes NameIDFormat attributes:

<!-- This tells IdPs that you only need transient identifiers. -->
<NameIDFormat xmlns="urn:oasis:names:tc:SAML:2.0:metadata">urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<NameIDFormat xmlns="urn:oasis:names:tc:SAML:2.0:metadata">urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>

Having removed the only other NameID encoded attribute from the config (the default id="transientId"), it's now bleating that:

15:36:59.200 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:486] - No attributes for principal 'ms1' support encoding into a supported name identifier format for relying party 'https://sp.testshib.org/shibboleth-sp'

I wonder if I just need to dive in and see if it works on the MS SP and I may be over-thinking it… will let you know :)
Thanks for help so far!
--
Matthew Slowe
Server Infrastructure Team e: [log in to unmask]
IS, University of Kent t: +44 (0)1227 824265
Canterbury, UK w: www.kent.ac.uk
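
Added example (not part of the original message, and not Shibboleth project code): a Python check that compares the NameIDFormat values an SP's metadata lists against the nameFormat of each NameID-style encoder in an IdP 2.x attribute-resolver.xml, which is the mismatch the DEBUG line above reports. The resolver fragment, the "objectId" definition and its persistent format are constructed samples, and the rule that an SP listing no format accepts any is an assumption about IdP 2.x behaviour.

```python
import xml.etree.ElementTree as ET

RESOLVER_NS = "urn:mace:shibboleth:2.0:resolver"
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: SP metadata fragment carrying the two formats quoted in the thread.
SP_METADATA = """<SPSSODescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
  <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
</SPSSODescriptor>"""

# Constructed sample resolver fragment; "objectId" and its persistent format are assumptions.
RESOLVER = """<resolver:AttributeResolver xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad"
    xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <resolver:AttributeDefinition id="objectId" xsi:type="ad:Simple">
    <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID"
        nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
    <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="UserId"/>
  </resolver:AttributeDefinition>
</resolver:AttributeResolver>"""

def sp_formats(metadata_xml):
    """Set of NameIDFormat URIs the SP metadata declares."""
    root = ET.fromstring(metadata_xml)
    return {e.text.strip() for e in root.iter("{%s}NameIDFormat" % MD_NS) if e.text}

def nameid_encoders(resolver_xml):
    """[(attribute id, encoder type, nameFormat)] for NameID-style encoders only."""
    found = []
    root = ET.fromstring(resolver_xml)
    for definition in root.iter("{%s}AttributeDefinition" % RESOLVER_NS):
        for enc in definition.iter("{%s}AttributeEncoder" % RESOLVER_NS):
            kind = enc.get(XSI_TYPE, "").split(":")[-1]  # drop the "enc:" prefix
            if kind.endswith(("NameID", "NameIdentifier")):
                found.append((definition.get("id"), kind, enc.get("nameFormat")))
    return found

def usable_nameid_sources(metadata_xml, resolver_xml):
    """NameID encoders whose format the SP lists; empty means no NameID can be built."""
    wanted = sp_formats(metadata_xml)
    # Assumption: an SP that lists no NameIDFormat accepts any format.
    return [e for e in nameid_encoders(resolver_xml) if not wanted or e[2] in wanted]

if __name__ == "__main__":
    print(usable_nameid_sources(SP_METADATA, RESOLVER) or "no encoder matches the SP's NameIDFormat list")
```

An empty result means no declared NameID encoder matches a format the SP lists; a plain attribute encoder such as SAML2String is never counted as a NameID source.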