CLONE - Tag entityID not usable in error templates
Description
Environment
clones
Activity
Scott Cantor June 22, 2012 at 7:33 PM
Thanks for verifying, closing.
Martin Hitschel June 22, 2012 at 12:13 PMEdited
I can confirm this issue is fixed with yesterday's 2.5 Beta 1. Thanks!
Scott Cantor June 19, 2012 at 3:44 AM
http://svn.shibboleth.net/view/cpp-sp?rev=3710&view=rev
I neglected to set entityID based on an active session, this fix adds that missing property to both the cases you identified as broken.
supportContact isn't really anything but a pass-through to the <Errors> element, so it will work (or not) regardless.
requestURL is set for cases where it's significant, but with the attribute checker, it would just be the URL to the handler, so it's self-evident. The "target" property in that case would be set if it's attached to the request as a query parameter (any query parameter is accessible that way).
Martin Hitschel June 15, 2012 at 8:54 AMEdited
In 2.5 as of 2012-06-14 in the OpenSUSE repo for CentOS6, both ways do not work:
a) the "old" style:
<RequestMapper type="Native">
<RequestMap applicationId="default" accessError="accessError.html">
<AccessControl>
<RuleRegex require="eppn">.+</RuleRegex>
[...]
...with an <shibmlp entityID/> in accessError.html that will be empty
b) the new style:
<RelyingParty Name="https://example.org/idp/shibboleth" keyName="myself" sessionHook="/Shibboleth.sso/AttrChecker"/>
and
<Handler type="AttributeChecker" Location="/AttrChecker" template="attrChecker.html" attributes="eppn" flushSession="true"/>
...with an <shibmlp entityID/> in attrChecker.html that will be empty
in b) also <shibmlp requestURL /> is unusable, however, <shibmlp target /> is.
Wanted to customize an error template that outputs the entityID of an IdP as described in:
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPErrors
While <shibmlp supportContact/> works as expected, <shibmlp entityID/> as well as <shibmlp entityId/> remained empty.