AttributeResolver Template

Aaron Howell aaron.howell at deakin.edu.au
Tue Aug 14 03:08:18 EDT 2012 

Hi all,

I am installing a new 2.5 SP and trying to replace aliases (now
deprecated) with an AttributeResolver. I thought I should be able to do
this simply with the Template Plugin - as it is simply a "source" that
populate a "destination"

Am I missing something here?

Excerpt shibboleth2.xml
<OutOfProcess logger="shibd.logger">
    <Extensions>
        <Library path="plugins.so" fatal="true"/>
    </Extensions>
</OutOfProcess>
...

<AttributeResolver type="Template" source="uid" dest="username">
    <Template>$uid</Template>
</AttributeResolver>



2012-08-14 13:51:18 DEBUG Shibboleth.SSO.SAML2 [2]: SSO profile processing
completed successfully
2012-08-14 13:51:18 DEBUG Shibboleth.SSO.SAML2 [2]: extracting pushed
attributes...
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeExtractor.XML [2]: unable to
extract attributes, unknown XML object type: saml2p:Response
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeExtractor.XML [2]: skipping
unmapped NameID with format
(urn:oasis:names:tc:SAML:2.0:nameid-format:transient)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeExtractor.XML [2]: unable to
extract attributes, unknown XML object type: saml2:AuthnStatement
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeDecoder.String [2]: decoding
SimpleAttribute (uid) from SAML 2 Attribute
(urn:oid:0.9.2342.19200300.100.1.1) with 1 value(s)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeDecoder.String [2]: decoding
SimpleAttribute (eduPersonAffiliation) from SAML 2 Attribute
(urn:oid:1.3.6.1.4.1.5923.1.1.1.1) with 3 value(s)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeDecoder.String [2]: decoding
SimpleAttribute (surname) from SAML 2 Attribute (urn:oid:2.5.4.4) with 1
value(s)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeDecoder.String [2]: decoding
SimpleAttribute (givenName) from SAML 2 Attribute (urn:oid:2.5.4.42) with
1 value(s)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeDecoder.String [2]: decoding
SimpleAttribute (homeOrganization) from SAML 2 Attribute
(urn:oid:1.3.6.1.4.1.25178.1.2.9) with 1 value(s)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeDecoder.NameID [2]: decoding
NameIDAttribute (eduPersonTargetedID) from SAML 2 Attribute
(urn:oid:1.3.6.1.4.1.5923.1.1.1.10) with 1 value(s)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeDecoder.NameID [2]: decoding
saml2:NameID child element of AttributeValue
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeDecoder.String [2]: decoding
SimpleAttribute (email) from SAML 2 Attribute
(urn:oid:0.9.2342.19200300.100.1.3) with 1 value(s)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeDecoder.String [2]: decoding
SimpleAttribute (memberOfCN) from SAML 2 Attribute
(urn:oid:1.3.6.1.4.1.25302.2.3.21) with 20 value(s)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeDecoder.String [2]: decoding
SimpleAttribute (displayName) from SAML 2 Attribute
(urn:oid:2.16.840.1.113730.3.1.241) with 1 value(s)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeFilter [2]: filtering 9
attribute(s) from (https://signon-dev.deakin.edu.au/idp/shibboleth)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeFilter [2]: applying
filtering rule(s) for attribute (displayName) from
(https://example.com/idp/shibboleth)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeFilter [2]: applying
filtering rule(s) for attribute (memberOfCN) from
(https://example.com/idp/shibboleth)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeFilter [2]: applying
filtering rule(s) for attribute (email) from
(https://example.com/idp/shibboleth)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeFilter [2]: applying
filtering rule(s) for attribute (eduPersonTargetedID) from
(https://example.com/idp/shibboleth)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeFilter [2]: applying
filtering rule(s) for attribute (homeOrganization) from
(https://example.com/idp/shibboleth)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeFilter [2]: applying
filtering rule(s) for attribute (givenName) from
(https://example.com/idp/shibboleth)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeFilter [2]: applying
filtering rule(s) for attribute (surname) from
(https://example.com/idp/shibboleth)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeFilter [2]: applying
filtering rule(s) for attribute (eduPersonAffiliation) from
(https://example.com/idp/shibboleth)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeFilter [2]: applying
filtering rule(s) for attribute (uid) from
(https://example.com/idp/shibboleth)
2012-08-14 13:51:18 DEBUG Shibboleth.SSO.SAML2 [2]: resolving attributes...
2012-08-14 13:51:18 WARN Shibboleth.AttributeResolver.Template [2]: source
attribute () missing, cannot resolve attribute (username)
2012-08-14 13:51:18 DEBUG Shibboleth.AttributeResolver.Query [2]: found
AttributeStatement in input to new session, skipping query
2012-08-14 13:51:18 DEBUG Shibboleth.SessionCache [2]: creating new session
2012-08-14 13:51:18 DEBUG Shibboleth.SessionCache [2]: storing new
session...





uid is set correctly - but username does not appear.

On a slightly separate note - I noticed that PHP_AUTH_USER was populated -
however I had not configured this to occur (as I sometimes used aliases to
populate this on Servers where the application did not support the
REMOTE_USER - but never by default). Is this a new feature of 2.5 or
apache?

Cheers,
Aaron

--

Aaron Howell
Systems Administrator, eSolutions
 


Deakin University
Melbourne Burwood Campus, 221 Burwood Highway, Burwood, VIC 3125
Phone: +61 3 5227 8751
aaron.howell at deakin.edu.au
www.deakin.edu.au <http://www.deakin.edu.au/>
Deakin University CRICOS Provider Code 00113B


Important Notice: The contents of this email are intended solely for the named addressee and are confidential; any unauthorised use, reproduction or storage of the contents is expressly prohibited. If you have received this email in error, please delete it and any attachments immediately and advise the sender by return email or telephone.

Deakin University does not warrant that this email and any attachments are error or virus free.

More information about the users mailing list