help with push attributes and potential curl ssl problem
Ben Marsh
blmarsh at gmail.com
Mon May 12 12:01:07 EDT 2014
Hi
I am trying to get Shibboleth to talk to a vendor's IdP. I am having
troubles. Admittedly I am inexperienced but somehow I got Shibboleth
to work with three different IdPs.
The problem is that I am not getting any of the user information back from
the IdP. After turning up the logging I found this:

2014-05-07 11:25:14 DEBUG XMLTooling.libcurl [4]: About to connect() to aaa.bbb.cc port 443 (#0)
2014-05-07 11:25:14 DEBUG XMLTooling.libcurl [4]: Trying xxx.xxx.xxx.xxx...
2014-05-07 11:25:14 DEBUG XMLTooling.libcurl [4]: connected
2014-05-07 11:25:14 DEBUG XMLTooling.libcurl [4]: Connected to aaa.bbb.ccc (xxx.xxx.xxx.xxx) port 443 (#0)
2014-05-07 11:25:14 DEBUG XMLTooling.libcurl [4]: Initializing NSS with certpath: sql:/etc/pki/nssdb
2014-05-07 11:25:14 DEBUG XMLTooling.libcurl [4]: Unknown cipher in list: ALL:!aNULL:!LOW:!EXPORT:!SSLv2
2014-05-07 11:25:14 DEBUG XMLTooling.libcurl [4]: NSS error -5978
2014-05-07 11:25:14 DEBUG XMLTooling.libcurl [4]: Closing connection #0

I am using CentOS 6.3 and I think that libcurl has SSL support compiled in,
so I don't think that recompiling anything will help. (But I could be
wrong.) Am I wrong?
Is this significant?
curl-config --features
SSL
IPv6
libz
IDN
NTLM
curl-config --protocols
HTTP
HTTPS
FTP
FTPS
FILE
TELNET
LDAP
LDAPS
DICT
TFTP
SCP
SFTP
Anyway, I was told by the IdP vendor that I might have a way to avoid this
altogether by getting the user attributes the IdP sends me rather than
asking for them separately. This is what I need help with. This is what
is happening now:

2014-05-07 11:25:14 DEBUG Shibboleth.SSO.SAML2 [4]: extracting pushed attributes...
2014-05-07 11:25:14 DEBUG Shibboleth.AttributeExtractor.XML [4]: unable to extract attributes, unknown XML object type: saml2p:Response
2014-05-07 11:25:14 DEBUG Shibboleth.AttributeExtractor.XML [4]: skipping unmapped NameID with format (urn:oasis:names:tc:SAML:2.0:nameid-format:transient)
2014-05-07 11:25:14 DEBUG Shibboleth.AttributeExtractor.XML [4]: unable to extract attributes, unknown XML object type: saml2:AuthnStatement
2014-05-07 11:25:14 DEBUG Shibboleth.SSO.SAML2 [4]: resolving attributes...
2014-05-07 11:25:14 DEBUG Shibboleth.AttributeResolver.Query [4]: attempting SAML 2.0 attribute query
2014-05-07 11:25:14 DEBUG XMLTooling.XMLObject.Builder [4]: located XMLObjectBuilder for element name: saml2:NameID
2014-05-07 11:25:14 DEBUG XMLTooling.XMLObject [4]: unmarshalling DOM element (saml2:NameID)
2014-05-07 11:25:14 DEBUG XMLTooling.XMLObject [4]: unmarshalling attributes for DOM element (saml2:NameID)
2014-05-07 11:25:14 DEBUG XMLTooling.XMLObject [4]: processing generic attribute
2014-05-07 11:25:14 DEBUG XMLTooling.XMLObject [4]: processing generic attribute
2014-05-07 11:25:14 DEBUG XMLTooling.XMLObject [4]: processing generic attribute
2014-05-07 11:25:14 DEBUG XMLTooling.XMLObject [4]: unmarshalling child nodes of DOM element (saml2:NameID)
2014-05-07 11:25:14 DEBUG XMLTooling.XMLObject [4]: processing text content at position (0)

Are these the problems?

2014-05-07 11:25:14 DEBUG Shibboleth.AttributeExtractor.XML [4]: unable to extract attributes, unknown XML object type: saml2p:Response
2014-05-07 11:25:14 DEBUG Shibboleth.AttributeExtractor.XML [4]: unable to extract attributes, unknown XML object type: saml2:AuthnStatement

Is there more information I could provide to be useful?
Thanks,
Ben Marsh
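
Added example, not part of the original post and not Shibboleth project code: a small triage script that rejoins mail-wrapped shibd DEBUG lines like those quoted above and reports which TLS backend libcurl initialised, the cipher list it rejected, the NSS error code, and whether the SP went on to attempt an attribute query. The function names `parse` and `summarize` and the sample text are constructed for illustration; the log layout is assumed to match the lines in the post.

```python
import re

# Constructed sample in the shape of the shibd DEBUG lines quoted in the post,
# hard-wrapped the way the mail archive shows them.
SAMPLE = """\
2014-05-07 11:25:14 DEBUG Shibboleth.AttributeExtractor.XML [4]: unable to
extract attributes, unknown XML object type: saml2p:Response
2014-05-07 11:25:14 DEBUG Shibboleth.AttributeResolver.Query [4]:
attempting SAML 2.0 attribute query
2014-05-07 11:25:14 DEBUG XMLTooling.libcurl [4]: Initializing NSS with
certpath: sql:/etc/pki/nssdb
2014-05-07 11:25:14 DEBUG XMLTooling.libcurl [4]: Unknown cipher in list:
ALL:!aNULL:!LOW:!EXPORT:!SSLv2
2014-05-07 11:25:14 DEBUG XMLTooling.libcurl [4]: NSS error -5978
"""

RECORD = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+) (\S+) \[\d+\]: ?(.*)$")

def parse(text):
    """Return one dict per log record, folding wrapped lines into the record."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            records.append({"ts": m[1], "level": m[2], "category": m[3], "msg": m[4]})
        elif records and line.strip():  # continuation of a wrapped record
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def summarize(records):
    """Collect the back-channel TLS facts and attribute-handling facts in the log."""
    s = {"tls_backend": None, "rejected_ciphers": None, "tls_error": None,
         "attribute_query": False, "skipped_types": []}
    for r in records:
        cat, msg = r["category"], r["msg"]
        if cat == "XMLTooling.libcurl":
            if msg.startswith("Initializing NSS"):
                s["tls_backend"] = "NSS"
            elif m := re.match(r"Unknown cipher in list: (\S+)", msg):
                s["rejected_ciphers"] = m[1]
            elif m := re.match(r"NSS error (-?\d+)", msg):
                s["tls_error"] = int(m[1])
        elif cat == "Shibboleth.AttributeResolver.Query" and "attribute query" in msg:
            s["attribute_query"] = True
        elif cat == "Shibboleth.AttributeExtractor.XML" and (
                m := re.search(r"unknown XML object type: (\S+)", msg)):
            s["skipped_types"].append(m[1])
    return s
if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```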