SP 2.5 + Windows Apache 2.2 not populating environment vars

[Cantor, Scott]

On 12/3/14, 8:06 PM, "Jerry B. Altzman" <jbaltz at gmail.com> wrote:
>
>So all this means...that shibd is getting the XML, and unpacking it, and 
>then not knowing what to do with the mapping?

It's possible. It doesn't do anything unless it's told to, it doesn't 
automatically handle any Attribute it sees because it doesn't know what 
you want to call it.

>The transaction log has many lines like
>2014-12-03 14:46:48 INFO Shibboleth-TRANSACTION [5]: New session (ID: 
>_13032dbfdee80993f655dfc5597c686c) with (applicationId: default) for 
>principal from (IdP:
>https://idp.testshib.org/idp/shibboleth) at (ClientAddress: a.b.c.d) with 
>(NameIdentifier: _55ca2e3ca8fc071da6bf1ecb76d36e8e) using (Protocol: 
>urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: 
>_b7d624b7035aecf9caabcf4f36344e57)
>2014-12-03 14:46:48 INFO Shibboleth-TRANSACTION [5]: Cached the following 
>attributes with session (ID: _13032dbfdee80993f655dfc5597c686c) for 
>(applicationId: default) {
>2014-12-03 14:46:48 INFO Shibboleth-TRANSACTION [5]: }

Ok, so you see how there's nothing there under the attributes being 
cached? That means you didn't map anything that was found in the 
assertion. If there are attributes in it you didn't map, it will log that 
it skipped them. It won't log anything for a mapping rule that doesn't 
happen to correspond to anything it saw. But either way, there's no 
overlap at the moment between what testshib sent and what you mapped.

That log is how you know. Until that changes, you don't see anything in 
the dump.

>I have bounced shibd many times, but I can bounce it one more.

Then all I can tell is what's above. If Kevin's around, or if there's a 
document somewhere on the site, it would help to know what testshib 
actually sends, but you should see that in the XML in the log, and you 
*must* have log lines noting that it's ignoring certain attributes it's 
seeing.

-- Scott