Attributes and dependencies
The test IdP is now sending the eduPersonScopedAffiliation attribute, as well as a new attribute I created for testing. It all seems pretty reasonable, provided you remember to hook the AttributeDefinition up to some actual data - I forgot to add the

<resolver:Dependency ref="staticAttributes" />

element and wondered why the scoped affiliation attribute wasn't showing up in the session.

Another gotcha: you can use the aacli.sh tool to check from command line what your IdP is going to send to the SP. This is really useful. However, at least on the default Leopard JDK you need to install the Xerces and Xalan jars to work around a bug in the built-in XML parser. This is fine, and the documentation points you in the right direction - but don't put the jars in the

/System/Library/Frameworks/JavaVM.framework/Home/lib/endorsed

directory, where you might expect them to go. Instead they need to go into the idp/lib/endorsed directory; the aacli.sh script sets up the location for endorsed jars explicitly.

T
- posted by Tim Bruce @ 5:11 PM