Fw: Possible attribute problems when login

Sergio Rivas srivasg_21 at hotmail.com
Sun Aug 19 09:07:30 EDT 2012

Excuse me, I've resent my e-mail as it seems that there has been a 
codification problem with my last one. Again, please, sorry for that.


Hello everyone,

My name is Sergio and it's a pleasure for me being part of this mailing 
list. I'd like to apologize about my English, which isn't very good but I'll 
do my best to explain my problem.

I've been working with Shibboleth during these days to create a basic SSO 
service with a protected directory (just trying to protect "secure" default 
directory). Although I've followed all the steps shown in the official 
documentation and even in some web sites over the Internet, I haven't been 
able to get it work properly.

I'm using a User / Password authentication with an LDAP connector, and it 
seems to work as I can enter bad credentials and I'm not authorizated to 
access the service (i.e., the login form is showing). The problem is that I 
always get this message when my user is correctly authenticated through 
Shibboleth login form:

"We're sorry, but you cannot access this service at this time.

This service requires information about you that your identity provider did 
not release. To gain access to this service, your identity provider must 
release the required information.

You were trying to access the following URL:


For more information about this service, including what user information is 
required for access, please visit our information page."

I've reviewed all the configs and everything seems correct. I even tried 
"aacli.sh" script on IdP to check if it was releasing the attributes I 
selected correctly, and it seems to work (I get commonName + surname 
attributes with a correct user and nothing with an incorrect user).

What do you think, guys?

Let me know if you need additional information, like OS using, Shibboleth 
version and so on.

Thank you in advance.

Kind Regards,

More information about the users mailing list