understanding response to SOAP attribute query

db@alaska.edu dabantz at alaska.edu
Thu Oct 23 16:12:30 EDT 2014


OK, in retrospect this seems fairly obvious, as often seems the case for me and Shib.

I had had to define a custom relying party config for Transact, in which I included the SSO profile - the only one I thought needed.  Given my belated realization that their process relies on a follow-up attribute query, I needed the AttributeQuery profile added to that custom relying party config.  

Once that was added, the Transact portal reports successful authN and correct values of attributes from the IdP.

Thanks to Andrew Keating, Nate Klingenstein, Mike Grady for replies impedance-matched to me.

David.Bantz at Alaska.edu


> On Oct 23, 2014, at 6:11 AM, Nate Klingenstein <ndk at internet2.edu> wrote:
> 
> Probably just need to add AttributeQuery for that relying party.  Give it a shot.
> 
>> On Oct 23, 2014, at 6:48 AM, David Bantz <dabantz at alaska.edu> wrote:
>> 
>> 
>>> On Oct 23, 2014, at 3:00, Nate Klingenstein <ndk at internet2.edu> wrote:
>>> 
>>>> I don’t understand.  What makes sense?
>>> 
>>> It makes sense that you're encountering this error.
>>> 
>>>> Andrew suggested we have the handler commented out, but as I replied, we don’t.
>>>> Is there something wrong with this handler:
>>> 
>>> I'm thinking context.  Which element is it in?  Is it in a custom RelyingParty, a DefaultRelyingParty?
>> 
>> 
>> Hmmm.  
>> 
>> It (the attribute query profile below) is in handler.xml in the profile group.
>> 
>> The vendor has a custom relying party config in relying-party.xml. 
>> 
>> Based on your question, do I infer I need an additional or different clause in the custom relying party to refer to the attribute query profile?
>> 
>> in handler.xml
>> 
>>     <ProfileHandler xsi:type="SAML2AttributeQuery"
>>                     inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
>>                     outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
>>         <RequestPath>/SAML2/SOAP/AttributeQuery</RequestPath>
>>     </ProfileHandler>
>> 
>> in relying-party.xml
>> 
>>    <RelyingParty id="https://sp.transactsp.com/shibboleth-sp/mgmt-ualaska-sp.blackboard.com/mgmt"
>>        provider="urn:mace:incommon:alaska.edu"
>>        defaultSigningCredentialRef="IdPCredential"
>>        defaultAuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport">
>>        <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" encryptAssertions="never" encryptNameIds="never" />
>>    </RelyingParty>
> 
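
The gap found in this thread (a custom RelyingParty that enables only the SSO profile, so the follow-up attribute query is not served) can be checked for across a whole relying-party.xml. The script below is an added example, not part of the original messages or of Shibboleth. Its sample file is constructed: the RelyingParty is the one quoted above, while the DefaultRelyingParty contents and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: the custom RelyingParty from the message above (before the
# fix) beside an assumed DefaultRelyingParty that enables both profiles.
SAMPLE = """\
<RelyingPartyGroup xmlns="urn:mace:shibboleth:2.0:relying-party"
    xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <DefaultRelyingParty provider="urn:mace:incommon:alaska.edu"
      defaultSigningCredentialRef="IdPCredential">
    <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
    <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" />
  </DefaultRelyingParty>
  <RelyingParty id="https://sp.transactsp.com/shibboleth-sp/mgmt-ualaska-sp.blackboard.com/mgmt"
      provider="urn:mace:incommon:alaska.edu"
      defaultSigningCredentialRef="IdPCredential">
    <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" encryptAssertions="never" encryptNameIds="never" />
  </RelyingParty>
</RelyingPartyGroup>
"""

def local(tag):
    """Strip the XML namespace so prefixed and unprefixed files both match."""
    return tag.rsplit("}", 1)[-1]

def profiles(rp):
    """Profile type names (prefix removed) enabled directly under one element."""
    return {c.get(XSI_TYPE, "").split(":")[-1]
            for c in rp if local(c.tag) == "ProfileConfiguration"}

def missing_profiles(xml_text):
    """Map each custom RelyingParty id to default profiles it does not list."""
    default, custom = set(), {}
    for el in ET.fromstring(xml_text):
        if local(el.tag) == "DefaultRelyingParty":
            default = profiles(el)
        elif local(el.tag) == "RelyingParty":
            custom[el.get("id")] = profiles(el)
    return {rp: sorted(default - have)
            for rp, have in custom.items() if default - have}

if __name__ == "__main__":
    for rp_id, gaps in missing_profiles(SAMPLE).items():
        print(f"{rp_id}: enabled by default but not here: {', '.join(gaps)}")
```

A reported gap is not always a fault, since leaving a profile out of a custom RelyingParty can be a deliberate restriction for that partner; the report is a list to review.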