Fwd: Upgrade to 2.3.4, Attribute Resolver problem
Daniele Russo
ruda76 at gmail.com
Mon Nov 7 15:14:58 GMT 2011
I have upgraded the "Identity Provider" from version 2.2.1 to 2.3.4. In our
attribute resolver, some attributes come from LDAP and some from an Oracle
RDBMS.
After the upgrade, the "Identity Provider" no longer resolves the RDBMS
attributes, with no apparent error; it resolves only the uid attribute from LDAP.
Below is the attribute-resolver.xml that works with the previous configuration.
<?xml version="1.0" encoding="UTF-8"?>
<resolver:AttributeResolver
xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"
xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad"
xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder"
xmlns:sec="urn:mace:shibboleth:2.0:security"
xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver
classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
urn:mace:shibboleth:2.0:resolver:pc
classpath:/schema/shibboleth-2.0-attribute-resolver-pc.xsd
urn:mace:shibboleth:2.0:resolver:ad
classpath:/schema/shibboleth-2.0-attribute-resolver-ad.xsd
urn:mace:shibboleth:2.0:resolver:dc
classpath:/schema/shibboleth-2.0-attribute-resolver-dc.xsd
urn:mace:shibboleth:2.0:attribute:encoder
classpath:/schema/shibboleth-2.0-attribute-encoder.xsd
urn:mace:shibboleth:2.0:security
classpath:/schema/shibboleth-2.0-security.xsd">
<!-- CodiceUtente: releases the CODPIN column as a SAML 2 string attribute.
     Both relational connectors (regute, regsoc) are dependencies, and both
     of their queries select a CODPIN column.
     The ad: and enc: prefixes are the ones bound on the root element. -->
<resolver:AttributeDefinition id="CodiceUtente" xsi:type="ad:Simple"
                              sourceAttributeID="CODPIN">
  <resolver:Dependency ref="regute" />
  <resolver:Dependency ref="regsoc" />
  <!-- Only a SAML 2 encoder is configured for this attribute. -->
  <resolver:AttributeEncoder xsi:type="enc:SAML2String"
                             name="CodiceUtente"
                             friendlyName="CodiceUtente" />
</resolver:AttributeDefinition>
....
Some attribute
....
<!-- uid: read from the myLDAP connector and released under a SAML 1 name
     (urn:mace:dir) and a SAML 2 name (urn:oid).
     The ad: and enc: prefixes are the ones bound on the root element. -->
<resolver:AttributeDefinition id="uid" xsi:type="ad:Simple"
                              sourceAttributeID="uid">
  <resolver:Dependency ref="myLDAP" />
  <resolver:AttributeEncoder xsi:type="enc:SAML1String"
                             name="urn:mace:dir:attribute-def:uid" />
  <resolver:AttributeEncoder xsi:type="enc:SAML2String"
                             name="urn:oid:0.9.2342.19200300.100.1.1"
                             friendlyName="uid" />
</resolver:AttributeDefinition>
<!-- ========================================== -->
<!-- Data Connectors -->
<!-- ========================================== -->
<!-- regute: relational connector that looks up the authenticated principal in
     i_regute (outer-joined to b_anacas) through the container-managed JDBC
     resource java:comp/env/jdbc/ORAIDP, with a 10 second query timeout. -->
<!-- NOTE(review): $requestContext.principalName is substituted into the SQL
     text inside a quoted literal, so the statement is built from the login
     name. Whether this IdP version escapes quote characters in template
     values is not visible here; confirm it, and confirm the login handler
     only accepts user names in the expected character set. -->
<!-- NOTE(review): the query calls several stored functions on every
     resolution. The account behind the JDBC resource presumably needs only
     SELECT on the two tables and EXECUTE on those functions; verify it is
     not a schema-owner or DBA account. -->
<!-- NOTE(review): flgdicoms adds fu_contadnp (b.mat, 1) to itself; confirm
     the second call is meant to use the same argument. -->
<resolver:DataConnector id="regute" xsi:type="dc:RelationalDatabase"
queryTimeout="PT10.000S">
<dc:ContainerManagedConnection
resourceName="java:comp/env/jdbc/ORAIDP" />
<dc:QueryTemplate>
<![CDATA[
select 'ENTPEN9934' codent,
a.codpin codpin,
a.mat mat,
'Cittadino' ruo,
b.codfis codfis,
decode (a.indemlpec, null, a.indeml, a.indemlpec)
indeml,
get_profile (a.codpin) profilo,
cogprf,
nomprf,
sexprf,
titstuprf,
doptitstu,
isc_giorno (b.mat, sysdate) flgisc,
fu_pen (b.mat) flgpen,
decode (fu_contadnp (b.mat, 1) + fu_contadnp
(b.mat, 1), 0, 0, 1) flgdicoms,
isc_anno (b.mat, fu_ac_web()) flgiscdic,
fu_anz_cassa (b.mat, sysdate, 1) annanz,
fu_anz_cassa (b.mat, sysdate, 2) gganz,
fu_eta (sysdate, datnas) anneta,
del,
fu_ra(b.mat,fu_ac_web()) flgdicirp,
fu_vaa(b.mat,fu_ac_web()) flgdiciva
from i_regute a, b_anacas b
where b.mat(+) = a.mat and codpin =
'$requestContext.principalName'
]]>
</dc:QueryTemplate>
</resolver:DataConnector>
<!-- regsoc: relational connector that looks up the authenticated principal in
     I_REGSOC through the same container-managed JDBC resource
     (java:comp/env/jdbc/ORAIDP), with a 10 second query timeout. It returns
     CODPIN, MAT, INDEML and PROFILO. -->
<!-- NOTE(review): $requestContext.principalName is substituted into the SQL
     text inside a quoted literal. Whether this IdP version escapes quote
     characters in template values is not visible here; confirm it, and
     confirm the login handler restricts user names to the expected
     character set. -->
<resolver:DataConnector id="regsoc" xsi:type="dc:RelationalDatabase"
queryTimeout="PT10.000S">
<dc:ContainerManagedConnection
resourceName="java:comp/env/jdbc/ORAIDP" />
<dc:QueryTemplate>
<![CDATA[
select CODPIN ,CODSOC MAT,
DECODE(INDPECRPL,NULL,INDEMLRPL,INDPECRPL) INDEML, GET_PROFILE(CODPIN)
PROFILO FROM I_REGSOC WHERE CODPIN='$requestContext.principalName'
]]>
</dc:QueryTemplate>
</resolver:DataConnector>
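<!-- myLDAP: LDAP connector that searches under ou=Users for the entry whose
     uid equals the authenticated principal name. Host names and the bind
     password are redacted in this listing. -->
<!-- NOTE(review): both URLs use the ldap:// scheme and no StartTLS setting is
     present, so the bind password and the returned attributes would travel
     unencrypted unless the transport is protected elsewhere. -->
<!-- NOTE(review): the connector binds as cn=Manager, which looks like the
     directory's administrative DN; a dedicated read-only account limited to
     ou=Users would be the least-privilege choice. principalCredential is
     stored in clear text, so this file should be readable only by the IdP's
     service account. -->
<!-- NOTE(review): the search filter is built from the principal name; confirm
     this IdP version escapes LDAP filter metacharacters in template values. -->
<!-- The bind DN is kept on one line: a line break inside an attribute value
     is normalised to a space and would change the DN. -->
<resolver:DataConnector id="myLDAP" xsi:type="LDAPDirectory"
xmlns="urn:mace:shibboleth:2.0:resolver:dc"
ldapURL="ldap://xxx.inarcassa.it ldap://xxx.inarcassa.it"
baseDN="ou=Users,dc=inarcassa,dc=it"
principal="cn=Manager,dc=inarcassa,dc=it"
principalCredential="xxxxxx">
<FilterTemplate>
<![CDATA[
(uid=$requestContext.principalName)
]]>
</FilterTemplate>
</resolver:DataConnector>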
<!-- ========================================== -->
<!-- Principal Connectors -->
<!-- ========================================== -->
<!-- Each connector below maps one NameID format to the pc:Transient
     principal connector type. -->
<resolver:PrincipalConnector id="shibTransient"
                             xsi:type="pc:Transient"
                             nameIDFormat="urn:mace:shibboleth:1.0:nameIdentifier" />
<resolver:PrincipalConnector id="saml1Unspec"
                             xsi:type="pc:Transient"
                             nameIDFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
<resolver:PrincipalConnector id="saml2Transient"
                             xsi:type="pc:Transient"
                             nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
</resolver:AttributeResolver>
<!-- NOTE(review): everything from here to the end of the listing repeats the
     Principal Connectors section and the root end tag a second time, after
     the root element has already been closed. A file containing this tail
     would not be well-formed XML; it is probably a paste artifact in the
     message, but confirm against the deployed attribute-resolver.xml. -->
<!-- ========================================== -->
<!-- Principal Connectors -->
<!-- ========================================== -->
<resolver:PrincipalConnector xsi:type="pc:Transient" id="shibTransient"
nameIDFormat="urn:mace:shibboleth:1.0:nameIdentifier" />
<resolver:PrincipalConnector xsi:type="pc:Transient" id="saml1Unspec"
nameIDFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
<resolver:PrincipalConnector xsi:type="pc:Transient"
id="saml2Transient"
nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
</resolver:AttributeResolver>
I can't attach the log, otherwise the moderator cuts my message.
Where's the mistake?
Thanks
Daniele