Missing attribute from SAML2 response

Cantor, Scott cantor.2 at osu.edu
Tue Nov 6 16:23:40 EST 2012

On 11/6/12 3:09 PM, "mjoen" <marion.nalepa at proquest.com> wrote:

>I am running an SP server and it receives a response that includes an
>affiliation (allegedly), but the affiliation is not coming through after
>response is parsed. I'm getting:
>WARN Shibboleth.AttributeDecoder.NameID [4]: AttributeValue was not of a
>supported type and contains no child elements

That's not from an affiliation attribute, at least that's very unlikely.

>I'm not sure how to debug this further. Nothing I try shows me the
>values coming through. I can turn on DEBUG level logging, but the relevant
>fields are in a big CipherData block that doesn't seem to show up anywhere
>unencrypted (at least with anything I've tried).

The logs will tell you anything it's throwing away or ignoring, so chances
are it's not there to begin with.

The decrypted assertion is also in the logs unless that fix came later, in
which case you'd have to be running something more recent I guess.

-- Scott

More information about the users mailing list