"Disappearing" Attributes in IdP v3

Lucia Siochi Lucia.Siochi at cpcc.edu
Mon Apr 25 16:50:29 EDT 2016


Hi Scott,

There was definitely something fishy with my config, which is what I had been thinking, but I couldn't see what it was.

I just got it working. The problem was that there were multiple definitions for the same attribute associated with different connectors, so depending on which one was actually used, there may or may not have been a value.  I've cleaned it up and have multiple dependencies for the different connectors in the same attribute definition like so:

    <resolver:AttributeDefinition xsi:type="ad:Simple" id="displayName" sourceAttributeID="displayName">
        <resolver:Dependency ref="myAD11" />
        <resolver:Dependency ref="myAD12" />
        <resolver:Dependency ref="myAD21" />
        <resolver:Dependency ref="myAD22" />
        <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:displayName" encodeType="false" />
        <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.16.840.1.113730.3.1.241" friendlyName="displayName" encodeType="false" />
    </resolver:AttributeDefinition>

After that, it was working like a charm!

Thanks,

------------------
Lucia Siochi
Senior Systems Architect, IT Services
Central Piedmont Community College
Central Campus, Citizens Bldg
704.330.6521

----------------------------------------------------------------------

> * Any ideas on what could be causing this "disappearing trick"?

Nothing jumps out. Usually that means the log there isn't sequential or there's a config being used that isn't actually what you posted.

> * Any suggestions on how to troubleshoot this?

If it's a test system running a single request/test with logging turned up, not really. Nothing short of a debugger.

> * Would having a connection pool accessing various AD domains and OUs
> have an impact? (Only one instance of the username exists in the
> entire pool.)

Not once the result comes back into that resolution of the data connector and gets logged.

This isn't happening to anybody as far as I know, so there's something fishy about your log or your configuration.

-- Scott


