Help Releasing Attributes

[David E. Newswanger]

Hi All,


I'm a student working in the IT department at Berea College. I've been tasked with setting up and IdP for the college. So far I've successfully installed the IdP v3 and a test service provider which can authenticate users against the schools Active Directory LDAP server. I've hit a brick wall in the last couple of weeks because I haven't been able to get my IdP to release any attributes aside from the EPPN and uid.


I copied the default connector for LDAP from attribute-resolver-ldap.xml into attribute-attribute-resolver.xml and I've also copied over the default attribute descriptions from attribute-resolver-full.xml for some of the standard attributes that we use in our LDAP instance such as sn and mail. I've removed all the filters in attrbute-filter.xml and attribute-policy.xml to allow for everything to pass through unmolested, and I've uncommented all of the default attributes in attribute-map.xml, including the ones for sn and mail. Even after all of this, the IdP still refuses to release attributes to my test service provider and the one that I have set up on testshib.org.


I've tried to use the aacli.sh script like so: ./aacli.sh --principal newswangerd --configDir /opt/shibboleth-idp/conf/ --requester https://idp.testshib.org/idp/shibboleth and rather than receiving a SAML assertion like the wiki said I should, I got this string:


(http://localhost/idp/profile/admin/resolvertest?requester=https%3A%2F%2Fidp.testshib.org%2Fidp%2Fshibboleth&principal=newswangerd) http://localhost/idp/profile/admin/resolvertest?requester=https%3A%2F%2Fidp.testshib.org%2Fidp%2Fshibboleth&principal=newswangerd


Does anyone know what might be going on? What can I do to debug this problem?


Thanks,

    David Newswanger.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20151209/e7eaf0bc/attachment.html>