Help Releasing Attributes
dgersic at niu.edu
Wed Dec 9 17:09:00 EST 2015
What IdP version are you working with?
Removing filters from attribute-filter.xml is probably exactly the opposite of what you need to do.
Turning up the logging level can be helpful, or overwhelming, depending on how much detail you ask it for and how much you can make sense of.
From: users <users-bounces at shibboleth.net> on behalf of David E. Newswanger <David_Newswanger at berea.edu>
Sent: Wednesday, December 09, 2015 3:56 PM
To: users at shibboleth.net
Subject: Help Releasing Attributes
I'm a student working in the IT department at Berea College. I've been tasked with setting up and IdP for the college. So far I've successfully installed the IdP v3 and a test service provider which can authenticate users against the schools Active Directory LDAP server. I've hit a brick wall in the last couple of weeks because I haven't been able to get my IdP to release any attributes aside from the EPPN and uid.
I copied the default connector for LDAP from attribute-resolver-ldap.xml into attribute-attribute-resolver.xml and I've also copied over the default attribute descriptions from attribute-resolver-full.xml for some of the standard attributes that we use in our LDAP instance such as sn and mail. I've removed all the filters in attrbute-filter.xml and attribute-policy.xml to allow for everything to pass through unmolested, and I've uncommented all of the default attributes in attribute-map.xml, including the ones for sn and mail. Even after all of this, the IdP still refuses to release attributes to my test service provider and the one that I have set up on testshib.org.
I've tried to use the aacli.sh script like so: ./aacli.sh --principal newswangerd --configDir /opt/shibboleth-idp/conf/ --requester https://idp.testshib.org/idp/shibboleth and rather than receiving a SAML assertion like the wiki said I should, I got this string:
Does anyone know what might be going on? What can I do to debug this problem?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users