Not sure if this is a bug, or functionality that hasn't been implemented yet.
Trying to add attributes to the SAML response, created a class that implements AttributeManager and pulls data from our own in-house person manager tool (backend is LDAP, database and other authoritative sources). It seems to work properly, but when it tries to build the SAML response I get:
2011-03-10 15:41:01,474 ERROR [org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler] (ajp-0.0.0.0-8009-3) Exception in processing authentication:
From what I can discern, it looks like it's trying to convert the attribute names into a standard naming convention. But in StatementUtil only 4 of the dozen or so attributes in AttributeConstants seem to be implemented, and I don't see that anything has been implemented to handle the attributes that don't fall under the X500 spec.
Yeah, that is a gap. Feel free to create a JIRA here: https://issues.jboss.org/browse/PLFED
If you sign a simple CLA as individual or corporate at http://jboss.org/contribute, I can give you commit rights to the workspace so you can fix some of the simple issues such as this.
By the way, we should continue discussing the SAML Attributes issue at the new thread in PL discussion:
In the picketlink-idfed.xml file there is currently the ServiceURL which defines where the IDP will send the response back to. Since PicketLink intercepts any request made to a protected URL on the SP, are there any plans to update this to grab the current URL before forwarding to the IDP? That way this doesn't need to be hardcoded in there. Just thinking of instances where a user has a page bookmarked. They go to that page, get redirected to the IDP, then the IDP redirects back to the home page of the site because that was what was specified as the ServiceURL.