I'm a student working in the IT department at Berea College. I've been tasked with setting up an IdP for the college. So far I've successfully installed the IdP v3 and a test service provider which can authenticate users against the school's Active Directory LDAP server. I've hit a brick wall in the last couple of weeks because I haven't been able to get my IdP to release any attributes aside from the EPPN and uid.

I copied the default connector for LDAP from attribute-resolver-ldap.xml into attribute-attribute-resolver.xml and I've also copied over the default attribute descriptions from attribute-resolver-full.xml for some of the standard attributes that we use in our LDAP instance such as sn and mail. I've removed all the filters in attribute-filter.xml and attribute-policy.xml to allow for everything to pass through unmolested, and I've uncommented all of the default attributes in attribute-map.xml, including the ones for sn and mail. Even after all of this, the IdP still refuses to release attributes to my test service provider and the one that I have set up on

I've tried to use the script like so: ./ --principal newswangerd --configDir /opt/shibboleth-idp/conf/ --requester and rather than receiving a SAML assertion like the wiki said I should, I got this string:

(http://localhost/idp/profile/admin/resolvertest? http://localhost/idp/profile/admin/resolvertest?

Does anyone know what might be going on? What can I do to debug this problem?


