Possible attribute problems when login
Peter Schober
peter.schober at univie.ac.at
Sun Aug 19 11:55:02 EDT 2012
* Sergio Rivas <srivasg_21 at hotmail.com> [2012-08-19 14:58]:
> I’ve reviewed all the configs and everything seems correct. I even
> tried “aacli.sh” script on IdP to check if it was releasing the
> attributes I selected correctly, and it seems to work (I get
> commonName + surname attributes with a correct user, and no
> attributes with an incorrect user).
Have a look in your log files. The IdP logs will tell you what the IdP
sent, the SPs logs will tell you what the SP recieved and what it did
with those attributes (mapping them, discarding them and why), which
you can then compare to your webserver authorization (authZ)
configuration.
You can also check the SP's native log for further details on why
authZ failed.
-peter
More information about the users
mailing list