Problem with attribute resolver
Christopher Bongaarts
cab at umn.edu
Mon Apr 23 19:57:17 BST 2012
On 4/23/2012 10:26 AM, dave massie wrote:
> Note that the query will return a value only when the guService
> attributes are correctly populated.
>
> We have tested and people without the correct guService attributes are
> denied access. This is good.
>
> However, when a person without the guService attributes tries to log
> into some other SP we get the error (from idp-process.log):
>
> WARN
> [edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler:465]
> - Error resolving at
> tributes for principal 'dhm24'. No name identifier or attribute
> statement will be included in response
I would probably omit the guService check from the filter, and instead
use it as part of the atrribute-filter stage to conditionally release it
to the Google entityID only if the guService check passes.
--
%% Christopher A. Bongaarts %% cab at umn.edu %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
More information about the users
mailing list