Missing attribute from SAML2 response

Cantor, Scott cantor.2 at osu.edu
Wed Nov 7 13:06:52 EST 2012

On 11/7/12 12:00 PM, "David Bantz" <dabantz at alaska.edu> wrote:

>Prior to the block of encrypted data in the logs should be something like
>'SAML assertion to be encrypted:' with the clear-text SAML assertion.

On the IdP, yes, but he's on the other end. The SP logs provide enough
evidence of whether an attribute is included without needing the IdP log
or the decrypted assertion (though all recent/supported versions do log
the decrypted assertion).

-- Scott

More information about the users mailing list