Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info
titleNote

You might also consider to set the option legacyOrgNames="true" on the MetadataProviders in order to show an Identity Provider's OrganizationDisplayName if no MDUI DisplayName is present. This option is transitional however and may be removed in future versions.

 


Attributes

  • cacheToClient(boolean) (defaults to false)
    • If true, the feed includes cache directives intended to support client-side caching of the information. Many clients are overly aggressive about caching, so this feature is disabled by default.

...

Code Block
xml
xml
titleExtended Syntax
<Handler type="AttributeChecker" Location="/AttrChecker" template="attrChecker.html"
        flushSession="true">
    <AND>
        <Rule require="eppn">jdoe@example.edu</>Rule>
        <Rule require="displayName"/>
    </AND>
</Handler>

...

  • attributes(whitespace-delimited list of attribute IDs)
    • Specifies a list of attributes to look for. If the session does not contain at least one value for each attribute designated, the session "fails" the check.

...


Tip
titleExample on how to use AttributeChecker

One example approach how to use the Attribute Checker Handler to mitigate the case where an IdP released too few attributes to an SP is shown in the eduGAIN Wiki on the page How to configure Shibboleth SP attribute checker. Following the instructions there, a Shibboleth SP will show a helpful error message and provide the user with an easy way (2 clicks) to inform his IdP administrator regarding the attribute release problem. Also, the approach described on the wiki page makes use of a tracking cookie to log (locally or remotely) cases where users ended up on the error page.

...