Problem with client ip address changing

Cantor, Scott cantor.2 at
Tue Nov 13 09:28:16 EST 2012

On 11/13/12 9:15 AM, "Viitanen Viljo" <viljo.v.viitanen at> wrote:

>log entries in process log are like this:

You'll need to open a bug and attach the full log on DEBUG including the
audit entry. I have an idea what it might be, but I want to see the whole

>Any advice on how to deal with this?
>The current behavior is unacceptable, as the various SP¹s don¹t quite
>know what to do with a situation where they get a successful login
>without any attributes they need.

That¹s a misunderstanding. Applications MUST always be prepared for that.
There's no way to avoid that.

> I¹d rather the idp to issue an error to the user,
> and not let the user proceed to SP.

That may be, but it isn't normally possible. You don't know what
attributes the SP may be requiring, no matter what they say or their
metadata says, and you have no way to block the issuance of a response
based on that.

>For the record, we are also using the uApprove plugin.

That of course is not supported by us, but I don't know that it's

-- Scott

More information about the users mailing list