Environment: Linux / Apache / Shibboleth SP 2.6
I'm looking for some help with the mapping I would need to do in order to populate the REMOTE_USER variable. I'm not sure what exactly I need to add to the attribute-map.xml file in order to make that happen.
In the shibboleth2.xml file, we have:
<ApplicationDefaults entityID="https://tap-jmistst-rv02.usmstest.doj.gov/shibboleth"
    REMOTE_USER="eppn persistent-id targeted-id"
    cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2">
What I don't understand is what I need to put in the attribute-map.xml file specifically in order to map the value of NameID to REMOTE_USER.
When I hit my application URL, it does redirect to ADFS, and then I see that NameID is populated with my username in the Shibboleth transaction.log. What I'm trying to do is get REMOTE_USER set with that value.
Any help is greatly appreciated.
The REMOTE_USER attribute in the ApplicationDefaults element above denotes a list of decoded attributes (in order of preference) that the SP will use to populate Apache's REMOTE_USER.
In order to populate this with the Assertion NameID, you first need to decode this into an attribute (named persistent-id here, but feel free to change it) with
<Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id">
    <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
</Attribute>
and then assign it to REMOTE_USER with
REMOTE_USER="persistent-id"
in your <ApplicationDefaults>.
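
An added example, not part of the answer above or of the Shibboleth project's code: a Python check that reads both files and reports whether a NameID of a given Format would end up in REMOTE_USER. The sample XML and all function names are constructed for illustration, and it assumes the SP selects a NameID mapping by the Format URI in the `name` attribute.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs, trimmed to the elements discussed on this page.
SHIBBOLETH2_XML = """<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth"
                       REMOTE_USER="eppn persistent-id targeted-id"/>
</SPConfig>"""

ATTRIBUTE_MAP_XML = """<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Attribute name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" id="persistent-id">
    <AttributeDecoder xsi:type="NameIDAttributeDecoder"
        formatter="$NameQualifier!$SPNameQualifier!$Name" defaultQualifiers="true"/>
  </Attribute>
</Attributes>"""

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element names."""
    return tag.rsplit("}", 1)[-1]


def remote_user_ids(sp_config_xml):
    """Attribute ids listed in ApplicationDefaults/@REMOTE_USER, in preference order."""
    for el in ET.fromstring(sp_config_xml).iter():
        if local(el.tag) == "ApplicationDefaults":
            return el.get("REMOTE_USER", "").split()
    return []


def nameid_mappings(attribute_map_xml):
    """Return {NameID Format URI: attribute id} for every NameID decoder rule."""
    found = {}
    for attr in ET.fromstring(attribute_map_xml).iter():
        if local(attr.tag) != "Attribute":
            continue
        for dec in attr:
            # xsi:type may carry a prefix (e.g. "am:NameIDAttributeDecoder").
            if dec.get(XSI_TYPE, "").endswith("NameIDAttributeDecoder"):
                found[attr.get("name")] = attr.get("id")
    return found


def remote_user_source(sp_config_xml, attribute_map_xml, nameid_format):
    """Attribute id that would carry this NameID into REMOTE_USER, or None."""
    attr_id = nameid_mappings(attribute_map_xml).get(nameid_format)
    return attr_id if attr_id in remote_user_ids(sp_config_xml) else None
```

Pass the Format URI of the NameID your IdP actually issues; a `None` result means no rule decodes that Format into an id listed in REMOTE_USER, so the variable stays unset.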