So here's the next question, related to passing unmodified assertions
from SATOSA to an SP, specifically COmanage and Shibboleth: What's the
right way to bypass the scope checks Shibboleth usually performs on
ePPN/ePTID/ePUID?
I'd like to add that I tried the following:
- removed the Scope element from the SATOSA IdP metadata
- changed the attribute mappings in Shibboleth to use StringAttributeDecoder instead of ScopedAttributeDecoder
- both of the above together
Shibboleth logs the following:
```
2018-04-09 21:14:07 WARN Shibboleth.AttributeFilter [2]: removed value at position (0) of attribute (eppn) from (https://proxy-auth.example.com/satosa)
2018-04-09 21:14:07 WARN Shibboleth.AttributeFilter [2]: no values left, removing attribute (eppn) from (https://proxy-auth.example.com/satosa)
```
Best wishes,
Matthew
--
"The lyf so short, the craft so longe to lerne."