Assertions missing on SP side

Rastko Isajev risajev at
Mon Mar 4 10:14:58 EST 2013

Hi all,

how I can force Shibboleth to send response with assertions that I have
defined in *attribute-resolver.xml*. I would like to send back sn, cn, uid
and one custom field that I have defined in LDAP. I am using LDAP
connector. When my SP initiate FSSO, I am redirected to the Shibboleth
login page. User is authenticated. SAML response is send back. But it is
without assertions thta I am expecting. What is wrong ?

*In attribute-resolver.xml, here are defined attributes :*

  <resolver:AttributeDefinition xsi:type="ad:Simple" id="uid"
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1String"
name="urn:mace:dir:attribute-def:uid" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2String"
name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" />

<resolver:AttributeDefinition xsi:type="ad:Simple" id="cpqd"
        <resolver:Dependency ref="myLDAP" />
<resolver:AttributeEncoder xsi:type="enc:SAML1String" name="cpqd" />
<resolver:AttributeEncoder xsi:type="enc:SAML2String" name="cpqd" />

*In attribute-filter.xml I have the following lines :*
    <!--  Release the transient ID, espa & eptid to anyone -->
    <afp:AttributeFilterPolicy id="releaseToAnyone">
        <afp:PolicyRequirementRule xsi:type="basic:ANY"/>

<!-- Transient -->
        <afp:AttributeRule attributeID="transientId">
            <afp:PermitValueRule xsi:type="basic:ANY"/>
 <!-- uid to ANY -->
<afp:AttributeRule attributeID="uid">
            <afp:PermitValueRule xsi:type="basic:ANY" />
 <afp:AttributeRule attributeID="cpqd">
            <afp:PermitValueRule xsi:type="basic:ANY" />


And I am not getting these attributes. I am missing something ?

One note. In my LDAP names are the same and all are lowercase. I have tried
also with *lowercaseAttributeNames * in LDAP connector.

Thank you,

[image: CallidusCloud Connections]<> CallidusCloud 
Connections, Las Vegas, May 5-7, 2013, REGISTER NOW<>
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the users mailing list