Article - CS385805
How to exclude some attributes handled by Shibboleth SP?
Modified: 09-May-2023
Applies To
- FlexPLM 11.1 to 12.1
- Windchill PDMLink 11.1 to 12.1
- Shibboleth SP
Description
- How to exclude some attributes handled by Shibboleth SP?
- How to define attributes rules to use specific attributes to be set for REMOTE_USER in shibboleth2.xml depending of the context
- How to define attributes rules to use specific attributes to be set for REMOTE_USER in shibboleth2.xml depending on the attribute value
- How to filter attributes used by Shibboleth SP
- Configuration of Shibboleth SP:
- shibboleth2.xml :
- <ApplicationDefaults ... REMOTE_USER = "uid email"
- attribute-map.xml
- <Attribute name="uid" id="uid"/>
- <Attribute name="email" id="email"/>
- shibboleth2.xml :
- Use case :
- Sometimes correct user id for Windchill is stored in uid and sometimes in email
- uid is the default one that should be used
- Email should be used when uid is containing pattern #EXT# (as username containing specific characters are not allowed)
This is a printer-friendly version of Article 385805 and may be out of date. For the latest version click CS385805