Assertions missing on SP side

Rastko Isajev risajev at calliduscloud.com
Mon Mar 4 10:14:58 EST 2013


Hi all,

How can I force Shibboleth to send a response with the assertions that I have
defined in *attribute-resolver.xml*? I would like to send back sn, cn, uid
and one custom field that I have defined in LDAP. I am using the LDAP
connector. When my SP initiates FSSO, I am redirected to the Shibboleth
login page. The user is authenticated. The SAML response is sent back. But it is
without the assertions that I am expecting. What is wrong?

*In attribute-resolver.xml, these attributes are defined:*

    <resolver:AttributeDefinition xsi:type="ad:Simple" id="uid"
                                  sourceAttributeID="userid">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1String"
                                   name="urn:mace:dir:attribute-def:uid" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2String"
                                   name="urn:oid:0.9.2342.19200300.100.1.1"
                                   friendlyName="uid" />
    </resolver:AttributeDefinition>

    <resolver:AttributeDefinition xsi:type="ad:Simple" id="cpqd"
                                  sourceAttributeID="cpqd">
        <resolver:Dependency ref="myLDAP" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="cpqd" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="cpqd" />
    </resolver:AttributeDefinition>

*In attribute-filter.xml I have the following lines:*

    <!-- Release the transient ID, espa & eptid to anyone -->
    <afp:AttributeFilterPolicy id="releaseToAnyone">
        <afp:PolicyRequirementRule xsi:type="basic:ANY" />

        <!-- Transient -->
        <afp:AttributeRule attributeID="transientId">
            <afp:PermitValueRule xsi:type="basic:ANY" />
        </afp:AttributeRule>

        <!-- uid to ANY -->
        <afp:AttributeRule attributeID="uid">
            <afp:PermitValueRule xsi:type="basic:ANY" />
        </afp:AttributeRule>

        <afp:AttributeRule attributeID="cpqd">
            <afp:PermitValueRule xsi:type="basic:ANY" />
        </afp:AttributeRule>

    </afp:AttributeFilterPolicy>


And I am not getting these attributes. Am I missing something?

One note: in my LDAP the names are the same and all are lowercase. I have also
tried with *lowercaseAttributeNames* in the LDAP connector.

Thank you,
Rastko
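
An added example, not part of the original post: a Python cross-check of the two files quoted above that lists, for every attribute the filter releases, whether the resolver defines it, which connector attribute feeds it, and whether it has a SAML2 encoder. The inputs are the post's excerpts wrapped in constructed root elements, so `myLDAP` and `transientId`, which the excerpts do not define, are reported as missing; `cross_check` and `by_name` are names chosen here.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the post's excerpts wrapped in root elements with IdP 2.x
# namespaces. SAML1 encoders and PermitValueRule children are left out for brevity.
NS = ('xmlns:resolver="urn:mace:shibboleth:2.0:resolver" xmlns:afp="urn:mace:shibboleth:2.0:afp" '
      'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"')
RESOLVER = f"""<resolver:AttributeResolver {NS}>
<resolver:AttributeDefinition xsi:type="ad:Simple" id="uid" sourceAttributeID="userid">
  <resolver:Dependency ref="myLDAP"/>
  <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1"/>
</resolver:AttributeDefinition>
<resolver:AttributeDefinition xsi:type="ad:Simple" id="cpqd" sourceAttributeID="cpqd">
  <resolver:Dependency ref="myLDAP"/>
  <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="cpqd"/>
</resolver:AttributeDefinition>
</resolver:AttributeResolver>"""
FILTER = f"""<afp:AttributeFilterPolicyGroup {NS}><afp:AttributeFilterPolicy id="releaseToAnyone">
<afp:AttributeRule attributeID="transientId"/>
<afp:AttributeRule attributeID="uid"/>
<afp:AttributeRule attributeID="cpqd"/>
</afp:AttributeFilterPolicy></afp:AttributeFilterPolicyGroup>"""
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

def by_name(root, name):
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def cross_check(resolver_xml, filter_xml):
    """Map each attributeID the filter releases to a list of resolver findings."""
    res = ET.fromstring(resolver_xml)
    defs = {d.get("id"): d for d in by_name(res, "AttributeDefinition")}
    known = set(defs) | {c.get("id") for c in by_name(res, "DataConnector")}
    report = {}
    for rule in by_name(ET.fromstring(filter_xml), "AttributeRule"):
        attr_id, notes = rule.get("attributeID"), []
        d = defs.get(attr_id)
        if d is None:
            notes.append("no AttributeDefinition with this id")
        else:
            src = d.get("sourceAttributeID", attr_id)  # defaults to the definition id
            if src != attr_id:
                notes.append(f"values come from connector attribute '{src}'")
            notes += [f"dependency '{r}' not defined in this file"
                      for r in (x.get("ref") for x in by_name(d, "Dependency")) if r not in known]
            if not any("SAML2" in e.get(XSI_TYPE, "") for e in by_name(d, "AttributeEncoder")):
                notes.append("no SAML2 encoder")
        report[attr_id] = notes
    return report
if __name__ == "__main__":
    print(cross_check(RESOLVER, FILTER))
```

Run against the complete files from the IdP's conf directory, an empty list for an attribute means the resolver side is consistent for it.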
