Continuing Attribute release problems
Michael Dahlberg
olgamirth at gmail.com
Mon Aug 17 12:40:42 EDT 2015
I'm continuing to have attribute release problems. Maybe a second (or
third) pair of eyes on my config will indicate my error.
The relevant part of my attribute-filter.xml file is listed below:
<afp:AttributeFilterPolicy>
    <afp:PolicyRequirementRule xsi:type="basic:OR">
        <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://adminuat.dc4.pageuppeople.com/" />
        <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://admin.dc4.pageuppeople.com/" />
    </afp:PolicyRequirementRule>
    <afp:AttributeRule attributeID="WindowsDomainQualifiedName">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>
The attribute WindowsDomainQualifiedName is being released to several
different SPs. When attempting to access the SP's site, redirection to the
authentication site via the IdP occurs with problems and is successful.
The log entry for the POST back to the calling SP is as follows:
INFO [Shibboleth-Audit:1028] - 20150817T163553Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_b75e82e2-8a12-4246-850b-c674bd3db46a|https://admin.dc4.pageuppeople.com/|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://shib.bucknell.edu/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_888df6155b16447e32e098e0f9c9adcd|dahlberg|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport||dahlberg|_18ac13c8395adfbaae72cc4069675b83,|
Clearly, no attributes are listed as being returned to the calling SP.
When I run the following command:
/usr/local/idp/bin/aacli.sh --configDir=/usr/local/idp/conf --principal=dahlberg --requester=https://admin.dc4.pageuppeople.com/
I get the result:
No attribute statement.
I've looked at the troubleshooting sections of the Shib IdP wiki with no
success. Can anyone give me an idea on how to proceed?
Thanks,
Mike
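
Added example (not part of the original post, and not Shibboleth project code): a small parser for the pipe-delimited audit entry quoted above, which names each field and flags entries where an assertion was issued but the released-attributes field is empty. The field names assume the IdP 2.x audit log layout; the second sample entry and the SP in it are constructed.

```python
# Field order assumed from the Shibboleth IdP 2.x audit log layout; it lines
# up with the values visible in the posted entry.
AUDIT_FIELDS = (
    "time request_binding request_id relying_party_id message_profile "
    "asserting_party_id response_binding response_id principal authn_method "
    "released_attributes name_identifier assertion_ids"
).split()

# The audit entry from the post, rejoined onto a single line.
POSTED_ENTRY = (
    "INFO [Shibboleth-Audit:1028] - "
    "20150817T163553Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|"
    "_b75e82e2-8a12-4246-850b-c674bd3db46a|https://admin.dc4.pageuppeople.com/|"
    "urn:mace:shibboleth:2.0:profiles:saml2:sso|"
    "https://shib.bucknell.edu/idp/shibboleth|"
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|"
    "_888df6155b16447e32e098e0f9c9adcd|dahlberg|"
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport||"
    "dahlberg|_18ac13c8395adfbaae72cc4069675b83,|"
)

# Constructed contrast entry (not from the post): the posted entry with a
# hypothetical SP and one attribute ID in the released-attributes field.
CONSTRUCTED_ENTRY = POSTED_ENTRY.replace(
    "PasswordProtectedTransport||",
    "PasswordProtectedTransport|WindowsDomainQualifiedName,|",
).replace("https://admin.dc4.pageuppeople.com/", "https://sp.example.org/shibboleth")

def parse_audit_line(line):
    """Split one pipe-delimited audit entry into a dict of named fields."""
    payload = line.split(" - ", 1)[-1].strip()  # drop the logger prefix if present
    parts = payload.split("|")
    if len(parts) == len(AUDIT_FIELDS) + 1 and parts[-1] == "":
        parts.pop()  # entries end with a trailing delimiter
    if len(parts) != len(AUDIT_FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(AUDIT_FIELDS), len(parts)))
    record = dict(zip(AUDIT_FIELDS, parts))
    for key in ("released_attributes", "assertion_ids"):
        record[key] = [item for item in record[key].split(",") if item]
    return record

def empty_releases(lines):
    """Entries that issued an assertion but list no released attribute IDs."""
    hits = []
    for line in lines:
        rec = parse_audit_line(line)
        if rec["assertion_ids"] and not rec["released_attributes"]:
            hits.append((rec["relying_party_id"], rec["principal"]))
    return hits
```

Running empty_releases() over a full audit log gives a per-SP list of logins that completed with nothing released.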