Handling errors from CDMF during token creation

During the creation of a CDSSO token, the ssocreate module calls the CDMF library to acquire any extended attributes to be included in the token. Extended attributes, which further describe the user, can be required for successful identity mapping of the user on the destination server. The CDMF API uses the cdmf_get_usr_attributes call to acquire extended attributes.

The cdmf_get_usr_attributes call can fail to obtain the required information and return an error. In that case, the propagate-cdmf-errors stanza entry in the [cdsso] stanza controls the subsequent behavior of the token creation process. Values for this stanza entry include "yes" and "no".

A "no" value (default) allows the token creation process to proceed even when CDMF fails to obtain attributes and returns an error.

A "yes" value forces the token creation process to end when CDMF fails to obtain attributes and returns an error.

Example:

[cdsso]
propagate-cdmf-errors = no
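
The following configuration check is an added example, not part of the product or its documentation. It reports the effective propagate-cdmf-errors setting, including the case where the entry is absent and the default "no" applies. It assumes that lines starting with '#' are comments and that stanza and entry names are matched exactly; the sample text and the [other-stanza] name are constructed.

```python
import re

STANZA = re.compile(r"^\[([^\]]+)\]$")
ENTRY = re.compile(r"^([^=\s]+)\s*=\s*(.*)$")

def cdmf_error_policy(conf_text):
    """Return (value, source) for propagate-cdmf-errors in the [cdsso] stanza.

    source: "explicit", "default" (entry absent, so the documented default
    "no" applies), "invalid" (not yes/no) or "conflict" (set more than once
    with different values). Invalid and conflicting values are reported as
    found, not resolved, because the page does not say how they are handled.
    """
    stanza, values = None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' begins a comment
            continue
        m = STANZA.match(line)
        if m:
            stanza = m.group(1).strip()
            continue
        m = ENTRY.match(line)
        if m and stanza == "cdsso" and m.group(1) == "propagate-cdmf-errors":
            values.append(m.group(2).strip())
    if not values:
        return ("no", "default")
    if len(set(values)) > 1:
        return ("/".join(values), "conflict")
    if values[0] not in ("yes", "no"):
        return (values[0], "invalid")
    return (values[0], "explicit")

def audit(conf_text):
    """One-line finding for a configuration review."""
    value, source = cdmf_error_policy(conf_text)
    if source in ("invalid", "conflict"):
        return f"REVIEW: propagate-cdmf-errors is {source} ({value})"
    if value == "no":
        return f"NOTE: CDMF errors are not propagated ({source}); token creation proceeds without the extended attributes"
    return "OK: token creation ends when CDMF returns an error"

# Constructed sample: the only 'yes' in [cdsso] is commented out, and the
# entry under another stanza does not count, so the default applies.
SAMPLE = """[cdsso]
# propagate-cdmf-errors = yes
[other-stanza]
propagate-cdmf-errors = yes
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```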
