Possible attribute problems when login

[Sergio Rivas]

Hello everyone, 

My name is Sergio and it’s a pleasure for me being part of this mailing list. I’d like to apologize about my English, which isn’t very good but I’ll do my best to explain my problem.

I’ve been working with Shibboleth during these days to create a basic SSO service with a protected directory (just trying to protect “secure” default directory). Although I’ve followed all the steps shown in the official documentation and even in some web sites over the Internet, I haven’t been able to get it work properly.

I’m using a User / Password authentication with an LDAP connector, and it seems to work as I can enter bad credentials and I’m not authorizated to access the service (i.e., the login form is showing). The problem is that I always get this message when my user is correctly authenticated:


"We're sorry, but you cannot access this service at this time. 

This service requires information about you that your identity provider did not release. To gain access to this service, your identity provider must release the required information.

You were trying to access the following URL: 

    https://sp1.semi.com/secure

For more information about this service, including what user information is required for access, please visit our information page."


I’ve reviewed all the configs and everything seems correct. I even tried “aacli.sh” script on IdP to check if it was releasing the attributes I selected correctly, and it seems to work (I get commonName + surname attributes with a correct user, and no attributes with an incorrect user).

What do you think, guys? 

Let me know if you need additional information, like OS using, Shibboleth version and so on.

Thank you in advance. 

Kind Regards, 
Sergio. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20120819/43654b82/attachment.html