  1. Identity Provider
  2. IDP-805

error from resolving eduPersonScopedAffiliation in IDP 3.1.2

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.2, 3.2.0
    • Fix Version/s: 3.2.1, 3.3.0
    • Component/s: Attribute Resolver
    • Labels:
      None

      Description

      We are running IDP 3.1.2.
      When I ran this command on the server,
      ./bin/aacli.sh --principal=hy93 --requester=https://www.educause.edu/shibboleth-sp
      I got eduPersonScopedAffiliation, which seems correct:
      {
      "name": "eduPersonScopedAffiliation",
      "values": [
      "ScopedStringAttributeValue{value=member, scope=cornell.edu}",
      "ScopedStringAttributeValue{value=staff, scope=cornell.edu}",
      "ScopedStringAttributeValue{value=employee, scope=cornell.edu}"
      ]
      },
      But when I captured the data from SAML tracer in the browser, the scope is not there.
      <saml2:Attribute FriendlyName="eduPersonScopedAffiliation"
      Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      >
      <saml2:AttributeValue>member</saml2:AttributeValue>
      <saml2:AttributeValue>staff</saml2:AttributeValue>
      <saml2:AttributeValue>employee</saml2:AttributeValue>
      </saml2:Attribute>

      Here is the definition in attribute-resolver.xml:
      <resolver:AttributeDefinition id="eduPersonScopedAffiliation"
      xsi:type="ad:Scoped" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
      scope="%{idp.scope}" sourceAttributeID="eduPersonAffiliation">

      <resolver:Dependency ref="myLDAP" />

      <resolver:AttributeEncoder xsi:type="SAML1String"
      xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
      name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" encodeType="false" />

      <resolver:AttributeEncoder xsi:type="SAML2String"
      xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
      name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9"
      friendlyName="eduPersonScopedAffiliation" encodeType="false" />

      </resolver:AttributeDefinition>
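
A check for the symptom described in this report, as an added example that is not part of the original issue or of the Shibboleth code base: it parses a captured attribute and flags eduPersonScopedAffiliation values that are not of the form `affiliation@scope`. The function name, the `affiliation@scope` wire form used as the expectation, and both sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
EPSA_NAME = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"  # Name from the captured attribute


def find_bad_scoped_values(xml_text, expected_scope):
    """Return (value, reason) for each eduPersonScopedAffiliation value that
    is not of the form affiliation@expected_scope (hypothetical helper)."""
    # ElementTree is fine for this constructed input; untrusted SAML should be
    # parsed with a hardened parser.
    root = ET.fromstring(xml_text)
    problems = []
    # iter() also matches when the root element is itself the Attribute.
    for attr in root.iter(f"{{{SAML2_NS}}}Attribute"):
        if attr.get("Name") != EPSA_NAME:
            continue
        for av in attr.findall(f"{{{SAML2_NS}}}AttributeValue"):
            value = (av.text or "").strip()
            local, sep, scope = value.rpartition("@")
            if not sep:
                problems.append((value, "missing scope"))
            elif not local:
                problems.append((value, "empty affiliation"))
            elif scope.lower() != expected_scope.lower():
                problems.append((value, "unexpected scope"))
    return problems


# Constructed input: the attribute as captured in the report, with the saml2
# namespace declaration added so the fragment parses on its own.
UNSCOPED = """<saml2:Attribute
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    FriendlyName="eduPersonScopedAffiliation"
    Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
  <saml2:AttributeValue>member</saml2:AttributeValue>
  <saml2:AttributeValue>staff</saml2:AttributeValue>
  <saml2:AttributeValue>employee</saml2:AttributeValue>
</saml2:Attribute>"""

# Constructed input: the same attribute with the scope shown by aacli appended.
SCOPED = UNSCOPED.replace("</saml2:AttributeValue>",
                          "@cornell.edu</saml2:AttributeValue>")

if __name__ == "__main__":
    for label, doc in (("captured", UNSCOPED), ("scoped", SCOPED)):
        print(label, find_bad_scoped_values(doc, "cornell.edu"))
```

Run against a real capture, a non-empty result means the relying party is receiving affiliation values with no scope to validate against the issuing IdP.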

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            hy93@cornell.edu Hong Ye
                Time Tracking

                Estimated: Not Specified
                Remaining: 0m
                Logged: 15m