Error while creating bean with name "searchUsername" for AttributePostLoginC14NConfiguration

Cantor, Scott cantor.2 at osu.edu
Wed Jan 13 12:29:21 EST 2016


On 1/13/16, 12:00 PM, "users on behalf of Roderick Grau" <users-bounces at shibboleth.net on behalf of rgrau at albany.edu> wrote:



>I am trying to get the saml nameid in plain text.

It already is in plain text, always. You're confusing encryption with "the value of the ID isn't a simple username". Those are different issues.

>  From the archives http://shibboleth.1660669.n2.nabble.com/Using-IDP-V3-for-SSO-with-AWS-td7620775.html I found the encryptNameIDs.

That isn't your problem. It never encrypts them unless you tell it to with that setting.

>             p:nameIDFormatPrecedence="#{{
>               'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'}}"

That's the relevant setting, that will in general cause it to attempt to use that format with that SP.

If it's not doing that, then the most likely reason is that the SP isn't the one you think it is. Named wrong, or whatever. Another possibility is that the metadata is telling it to use a different Format. A third is that it's just not configured to support generating that Format.

>I found this in the idp-process.log:

That's already too late, the format decision is earlier than that.

>Unless I am missing something, it looks like the relying party override is not working.

Yes, so that isn't the SP's name, or one of the other reasons is involved.

-- Scott
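
An offline check for the first two causes listed in the reply above (an override keyed on a name that is not the SP's entityID, and metadata advertising a different Format). This is an added example, not part of the original message and not Shibboleth code: the entity IDs and both XML documents are constructed samples, and the `diagnose` helper and its finding labels are hypothetical. It does not reproduce the IdP's own format-selection logic.

```python
import re
import xml.etree.ElementTree as ET

C = "{http://www.springframework.org/schema/c}"   # Spring c: namespace
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed relying-party.xml fragment: override name carries a trailing slash.
RP_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:c="http://www.springframework.org/schema/c"
  xmlns:p="http://www.springframework.org/schema/p">
 <bean parent="RelyingPartyByName" c:relyingPartyIds="https://sp.example.org/shibboleth/">
  <property name="profileConfigurations"><list>
   <bean parent="SAML2.SSO" p:nameIDFormatPrecedence="#{{'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'}}"/>
  </list></property>
 </bean>
</beans>"""
# Constructed SP metadata: only the transient Format is listed.
MD_XML = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://sp.example.org/shibboleth">
 <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
 </SPSSODescriptor>
</EntityDescriptor>"""

def spel_list(value):
    """Items of a SpEL inline list such as #{{'a','b'}}, or the bare string."""
    return re.findall(r"'([^']*)'", value) if value.startswith("#{") else [value]

def diagnose(entity_id, relying_party_xml, metadata_xml, wanted=EMAIL):
    findings = []
    # Cause 1: no override is keyed on exactly this entityID.
    names = [n for b in ET.fromstring(relying_party_xml).iter()
             if C + "relyingPartyIds" in b.attrib
             for n in spel_list(b.get(C + "relyingPartyIds"))]
    if entity_id not in names:
        near = [n for n in names if n.rstrip("/").lower() == entity_id.rstrip("/").lower()]
        findings.append(("override-name-mismatch", near))
    # Cause 2: the SP's metadata lists Formats and the wanted one is not among them.
    for ed in ET.fromstring(metadata_xml).iter(MD + "EntityDescriptor"):
        if ed.get("entityID") == entity_id:
            formats = [(f.text or "").strip() for f in ed.iter(MD + "NameIDFormat")]
            if formats and wanted not in formats:
                findings.append(("metadata-format", formats))
    return findings

if __name__ == "__main__":
    print(diagnose("https://sp.example.org/shibboleth", RP_XML, MD_XML))
```

The third cause, the IdP not being configured to generate the Format at all, is not covered by this check.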
