AttributeValue was not of a supported type and contains no child elements
Jozef M.
vidiecan at gmail.com
Thu Oct 30 10:50:38 EDT 2014
Hi,
our SP ignores attributes in specific format namely
"urn:oid:1.3.6.1.4.1.5923.1.1.1.10" in the following format:
From shibd.log (the value was changed)
<saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue
xsi:type="xs:string">bc29992aeZZZZZ</saml:AttributeValue>
</saml:Attribute>
these lines describe the problem
DEBUG Shibboleth.AttributeDecoder.NameID [996]: decoding NameIDAttribute
(persistent-id) from SAML 2 Attribute
(urn:oid:1.3.6.1.4.1.5923.1.1.1.10) with 1 value(s)
WARN Shibboleth.AttributeDecoder.NameID [996]: AttributeValue was not of
a supported type and contains no child elements
INFO Shibboleth.AttributeExtractor.XML [996]: skipping unmapped SAML 2.0
Attribute with Name: urn:oid:1.3.6.1.4.1.5923.1.1.1.10
from attribute-map.xml
<Attribute name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" id="persistent-id">
<AttributeDecoder xsi:type="NameIDAttributeDecoder"
formatter="$Name" defaultQualifiers="true"/>
</Attribute>
from attribute-policy.xml
<afp:AttributeRule attributeID="persistent-id">
<afp:PermitValueRule xsi:type="saml:NameIDQualifierString"/>
</afp:AttributeRule>
What should be changed so that the attribute above is supported?
If we receive the following everything works as expected
<saml2:Attribute FriendlyName="eduPersonTargetedID"
Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>
<saml2:NameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
NameQualifier="XXX" SPNameQualifier="YYY">ZZZ</saml2:NameID>
</saml2:AttributeValue>
</saml2:Attribute>
Thank you for your answers,
Jozef Misutka
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20141030/64d2fe88/attachment.html
More information about the users
mailing list