Help Releasing Attributes
David Gersic
dgersic at niu.edu
Wed Dec 9 17:09:00 EST 2015
What IdP version are you working with?
Removing filters from attribute-filter.xml is probably exactly the opposite of what you need to do.
Turning up the logging level can be helpful, or overwhelming, depending on how much detail you ask it for and how much you can make sense of.
________________________________
From: users <users-bounces at shibboleth.net> on behalf of David E. Newswanger <David_Newswanger at berea.edu>
Sent: Wednesday, December 09, 2015 3:56 PM
To: users at shibboleth.net
Subject: Help Releasing Attributes
Hi All,
I'm a student working in the IT department at Berea College. I've been tasked with setting up an IdP for the college. So far I've successfully installed the IdP v3 and a test service provider which can authenticate users against the school's Active Directory LDAP server. I've hit a brick wall in the last couple of weeks because I haven't been able to get my IdP to release any attributes aside from the EPPN and uid.
I copied the default connector for LDAP from attribute-resolver-ldap.xml into attribute-attribute-resolver.xml and I've also copied over the default attribute descriptions from attribute-resolver-full.xml for some of the standard attributes that we use in our LDAP instance such as sn and mail. I've removed all the filters in attribute-filter.xml and attribute-policy.xml to allow for everything to pass through unmolested, and I've uncommented all of the default attributes in attribute-map.xml, including the ones for sn and mail. Even after all of this, the IdP still refuses to release attributes to my test service provider and the one that I have set up on testshib.org.
I've tried to use the aacli.sh script like so: ./aacli.sh --principal newswangerd --configDir /opt/shibboleth-idp/conf/ --requester https://idp.testshib.org/idp/shibboleth and rather than receiving a SAML assertion like the wiki said I should, I got this string:
http://localhost/idp/profile/admin/resolvertest?requester=https%3A%2F%2Fidp.testshib.org%2Fidp%2Fshibboleth&principal=newswangerd
Does anyone know what might be going on? What can I do to debug this problem?
Thanks,
David Newswanger.