-----BEGIN PGP SIGNED MESSAGE-----
You'll want to look at modifying two files in the web frontend -
vcl/shibauth/index.php and vcl/.ht-inc/authmethods/shibauth.php.
The index.php file calls a function (updateShibGroups) that exists in
shibauth.php. You can modify updateShibGroups to create the groups based on
whatever information is passed to it. Then, modify index.php to pass the
proper information as arguments.
If you don't have anyone that can work on this, I can assist if you'll sent
the structure of the entitlement attribute as it shows up to php.
On Tuesday July 05, 2011, Hartl, Gerhard L. wrote:
> We are attempting to transition from LDAP authentication to Shibboleth
> authentication and are having an issue in regards to shib groups. Our
> current configuration uses the "ismemberof" ldap attribute to build the
> user groups used for privilege assignment. Now that we have setup Shib
> authentication, we are being presented with groups created off of the shib
> "affiliation" attribute rather than the shib "entitlement" attribute that
> represents our "ismemberof" of LDAP. Is there any way to use our shib
> "entitlement" attribute to build shib groups?
> - Gerhard
> Old Dominion University
North Carolina State University
my GPG/PGP key can be found at pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
-----END PGP SIGNATURE-----