Can I define attributes with non-unique names but with different NameFormats? - shibboleth

I am running a Shibboleth SP (version 2.4.3) and my attribute-map.xml includes the default mapping for "mail"
<!-- email -->
<Attribute name="urn:mace:dir:attribute-def:mail" id="mail"/>
<Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
A client is using a non-Shibboleth IdP, and they don't have the ability to define the NameFormat as anything other than urn:oasis:names:tc:SAML:2.0:attrname-format:basic.
According to the Shibboleth wiki if an IdP uses a NameFormat other than urn:oasis:names:tc:SAML:2.0:attrname-format:uri or urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified then I have to define the NameFormat in my own attribute-map.xml.
Can/should I add a third Attribute node with an identical name but with the "basic" nameFormat defined? I don't want to disrupt my existing integrations with clients who are doing things the standard Shibboleth way.
<!-- email -->
<Attribute name="urn:mace:dir:attribute-def:mail" id="mail"/>
<Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
<Attribute name="urn:mace:dir:attribute-def:mail" id="mail" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>

You can add any attribute in the attribute map file, but you have to make sure the IdP sends it before using it.
And it won't affect any existing connection.
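
A small model of the lookup the question depends on, added here as an example (not code from the Shibboleth project or from the posts above). It assumes the SP keys each mapping rule on the (name, nameFormat) pair and treats a missing, uri or unspecified format as the same default, as the wiki statement quoted in the question implies; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

# The three rules from the question, wrapped in a constructed root element
# (a real attribute-map.xml root also carries an XML namespace, omitted here).
ATTRIBUTE_MAP = """
<Attributes>
  <Attribute name="urn:mace:dir:attribute-def:mail" id="mail"/>
  <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
  <Attribute name="urn:mace:dir:attribute-def:mail" id="mail"
             nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
</Attributes>
"""


def normalize(name_format):
    """Assumption: absent, unspecified and uri formats share one default key."""
    if name_format in (None, "", UNSPECIFIED):
        return URI
    return name_format


def load_rules(xml_text):
    """Build {(name, nameFormat): id}; a repeated pair is a real conflict."""
    rules = {}
    for el in ET.fromstring(xml_text).iter("Attribute"):
        key = (el.get("name"), normalize(el.get("nameFormat")))
        if key in rules:
            raise ValueError(f"duplicate mapping rule for {key}")
        rules[key] = el.get("id")
    return rules


def resolve(rules, name, name_format=None):
    """Return the local attribute id for an incoming SAML attribute, or None."""
    return rules.get((name, normalize(name_format)))
```

Under this model the third rule is a distinct key, so the two existing rules resolve exactly as before, and only attributes arriving with the "basic" format use the new one.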

Related

Custom attributes are missing in HTTP Request Header, But it is present in Shibboleth response

1) We have created a custom attribute map (Custom-attribute-map.xml) and placed the file in the shibboleth folder.
e.g.:
<Attribute name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" id="emailaddress"/>
2) Then we set the path in shibboleth2.xml
<AttributeExtractor type="XML" validate="true" reloadChanges="false" path="Custom-attribute-map.xml"/>
So we will get those custom headers in my application request that comes from Shibboleth. This is working fine for 2 out of 3 servers.
We have done the same procedure on the 3rd server also, but the custom headers are missing in the 3rd server's application request header (Request.Headers["emailaddress"]).
We have checked the Shibboleth log; there those custom attributes are available.
<Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
<AttributeValue>UserName@Company.com</AttributeValue>
</Attribute>
But those custom headers are not being added to the request header.
What can be the reason for this problem?

UrlRewriteFilter: www and https redirect

I am using Tuckey UrlRewriteFilter to force users to go to the 'www' and 'https' version of my web. I mean the next 3 URLs must redirect to https://www.myweb.com
http://www.myweb.com
http://myweb.com
https://myweb.com
The problem comes with the last one; I cannot find the solution to put 'www' for 'https'. I have the next rule that makes the first 2 cases work without problems:
<rule>
<name>Domain Name Check</name>
<condition name="host" operator="equal">myweb.com$</condition>
<condition type="scheme" operator="equal">^http$</condition>
<from>^(.*)$</from>
<to type="permanent-redirect">https://www.myweb.com$1</to>
</rule>
This one of course does not apply for the third case. If I try a similar rule for the third case like the following, it doesn't work either (I don't know why):
<rule>
<name>Domain Name Check</name>
<condition name="host" operator="equal">myweb.com$</condition>
<condition type="scheme" operator="equal">^https$</condition>
<from>^(.*)$</from>
<to type="permanent-redirect">https://www.myweb.com$1</to>
</rule>
Could you please help me to figure out the rule for the third case?
Thank you.
The problem was not the filter but my certificate. I issued my certificate for www.myweb.com but not for myweb.com, so the https://myweb.com request didn't reach my server; the browser detected that the certificate was not valid and blocked the process.
I just issued my certificate for https://myweb.com and modified my Tuckey rule as you can see below. Now https://www.myweb.com is the only URL users can use.
<rule>
<name>Domain Name Check</name>
<condition type="request-url" operator="equal">(^http://myweb.com|^http://www.myweb.com|^https://myweb.com)</condition>
<from>^(.*)$</from>
<to type="redirect">https://www.myweb.com$1</to>
</rule>
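
The failure described in this answer can be checked before a redirect rule is deployed. This added example (not part of the original post; the function names are hypothetical and the matching is a simplified form of certificate hostname matching) lists the https redirect sources whose host is not covered by the certificate's subject alternative names:

```python
from urllib.parse import urlsplit

# The three source URLs from the question that must end up on https://www.myweb.com
SOURCES = ["http://www.myweb.com", "http://myweb.com", "https://myweb.com"]


def san_matches(san, host):
    """True if one subject alternative name covers the host."""
    san = san.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if san.startswith("*."):
        # A wildcard stands for exactly one leftmost label, so
        # *.myweb.com covers www.myweb.com but not the bare myweb.com.
        head, _, rest = host.partition(".")
        return bool(head) and rest == san[2:]
    return san == host


def https_sources_without_cert(sans, source_urls):
    """Return https source URLs that fail TLS validation before any rule runs.

    Plain http sources need no certificate; https sources must present a
    valid one, because the redirect is only sent after the handshake.
    """
    missing = []
    for url in source_urls:
        parts = urlsplit(url)
        if parts.scheme != "https":
            continue
        if not any(san_matches(san, parts.hostname) for san in sans):
            missing.append(url)
    return missing
```

An empty result means every https source can complete the handshake and receive the redirect.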

How to change default Proxy HTTP endpoint in wso2esb

I wish to change the URL of my proxy service due to an enhanced application.
Previously my URL was different from the ESB default endpoint.
Now the proxy is providing this URL.
http://soccerhome:8280/services/Customer_Proxy
Whereas my existing applications are running on some other endpoints,
like
http://soccerhome:8280/Customer_Proxy
So they are not able to change their endpoint. How would I remove the service part in the above URL? Is there any way to do that?
Thanks in advance.
Just provide a Service URL in your proxy.
<parameter name="ServiceURI">Customer_Proxy</parameter>
Then you will get your desired URL.
Change the parameter servicePath in repository/conf/axis2/axis2.xml
Edit repository/conf/axis2/axis2.xml in the dispatcher phase:
<phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
to add the following handler.
<handler name="CustomURIBasedDispatcher"
class="org.apache.synapse.core.axis2.CustomURIBasedDispatcher"/>
Now if you go ahead and edit the proxy service, you can add a service parameter as
serviceURI = Customer_Proxy
This will provide your desired URL.
You should change the axis2.xml file in repository/conf/axis2/axis2.xml or create your service in the proxy URL
<parameter name="URL OF Service">CustomProxy</parameter>

Glimpse.axd 403ing On IIS

When trying to access /Glimpse.axd after I've published to IIS (7.5), I'm now receiving a 403 Forbidden response. Is there a setting in IIS that disables access to .axd files? Or is this something else entirely?
This is usually due to the fact that your source IP address is not allowed in the web.config section for Glimpse. I just ran into this issue yesterday.
Look for this in your web.config file; it can go anywhere in the web.config file.
<glimpse enabled="true">
<ipAddresses>
<!-- List of IP addresses allowed to get Glimpse data. Optional. localhost (IPv4 &IPv6) by default -->
<add address="x.x.x.x"/> <!--The ip of your machine -->
<add address="::1"/>
</ipAddresses>
</glimpse>
I got an error like this when trying to access http://leniel-pc:8083/glimpse.axd:
403 Forbidden
Ensure 'aa90::edad:55a5:7777:cd2c%11' is configured for
Glimpse access.
After doing this:
<glimpse enabled="true">
<ipAddresses>
<!-- List of IP addresses allowed to get Glimpse data. -->
<!--The ip of your machine -->
<add address="aa90::edad:55a5:7777:cd2c%11"/>
</ipAddresses>
</glimpse>
Problem solved! :D

How to set EnableSsl=True while sending emails using ActionMailer.Net?

I am using ActionMailer.Net in my MVC website to send email. I want to send from Gmail, but Gmail needs EnableSsl=True to be able to send, and I don't know where in ActionMailer.Net I can configure this.
You have to edit your web.config file to something like this:
<system.net>
<mailSettings>
<!-- Method#1: Configure smtp server credentials -->
<smtp from="some-email@gmail.com">
<network enableSsl="true" host="smtp.gmail.com" port="587" userName="some-email@gmail.com" password="valid-password" />
</smtp>
</mailSettings>
</system.net>
Reference:
http://www.hanselman.com/blog/NuGetPackageOfTheWeek2MvcMailerSendsMailsWithASPNETMVCRazorViewsAndScaffolding.aspx
