Update Shib SP config to use template attribute resolver

Updated the Shibboleth SP configuration to use the template attribute resolver to copy ENV_OIS_EPPN to ENV_OIS_SORID.
satkinson · Nov 9, 2019 · 00682b1 · 00682b1
1 parent 00d0782
commit 00682b1
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/roles/training/files/shibboleth2.xml b/roles/training/files/shibboleth2.xml
@@ -3,7 +3,12 @@
     xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
     clockSkew="180">
 
-    <OutOfProcess tranLogFormat="%u|%s|%IDP|%i|%ac|%t|%attr|%n|%b|%E|%S|%SS|%L|%UA|%a" />
+    <OutOfProcess tranLogFormat="%u|%s|%IDP|%i|%ac|%t|%attr|%n|%b|%E|%S|%SS|%L|%UA|%a" >
+        <Extensions>
+            <Library path="plugins.so" />
+        </Extensions>
+    </OutOfProcess>
+
 
     <ApplicationDefaults entityID="https://registry.comanage.incommon.training/sp/shibboleth"
         REMOTE_USER="ENV_OIS_EPPN"
@@ -39,6 +44,10 @@
 
         <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
 
+        <AttributeResolver type="Template" sources="ENV_OIS_EPPN" dest="ENV_OIS_SORID">
+            <Template>$ENV_OIS_EPPN</Template>
+        </AttributeResolver>
+
         <CredentialResolver type="File" use="signing"
             key="sp-signing-key.pem" certificate="sp-signing-cert.pem"/>
         <CredentialResolver type="File" use="encryption"