SP v2.5.6 transient id error
Mneedlem
mneedlem at ufl.edu
Sun May 8 19:59:57 EDT 2016
This email is in a loop. I'm getting multiple copies of it. Can someone fix this?
Sent from Mark Needleman's iPhone
>
> On May 8, 2016 at 6:20 PM, <Mr. Christopher Bland (mailto:chris at fdu.edu)> wrote:
>
>
>
> Hi All,
>
> I just installed a new v2.5.6 SP on RHEL6 to talk to a v2.4.2 IDP. The SP is set up like other SPs on campus. However I keep getting an infinite loop between the SP and the IDP. From what I can tell there is a breakdown processing the transient id. The IDP is receiving the request and sending a response. The shibd.log shows the following:
>
> 2016-05-08 15:06:12 DEBUG Shibboleth.AttributeExtractor.XML [4]: unable to extract attributes, unknown XML object type: saml2p:Response
> 2016-05-08 15:06:12 DEBUG Shibboleth.AttributeExtractor.XML [4]: skipping unmapped NameID with format (urn:oasis:names:tc:SAML:2.0:nameid-format:transient)
> 2016-05-08 15:06:12 DEBUG Shibboleth.AttributeExtractor.XML [4]: unable to extract attributes, unknown XML object type: saml2:AuthnStatement
>
> The other attributes released in the response are decoded and processed fine
>
> 2016-05-08 15:06:12 DEBUG Shibboleth.AttributeDecoder.String [4]: decoding SimpleAttribute (sn) from SAML 2 Attribute (urn:oid:2.5.4.4) with 1 value(s)
> 2016-05-08 15:06:12 DEBUG Shibboleth.AttributeDecoder.String [4]: decoding SimpleAttribute (cn) from SAML 2 Attribute (urn:oid:2.5.4.3) with 1 value(s)
> 2016-05-08 15:06:12 DEBUG Shibboleth.AttributeDecoder.String [4]: decoding SimpleAttribute (givenName) from SAML 2 Attribute (urn:oid:2.5.4.42) with 1 value(s)
>
> The transient id is defined as follows on the IDP
>
> <resolver:AttributeDefinition id="transientId" xsi:type="TransientId" xmlns="urn:mace:shibboleth:2.0:resolver:ad">
> <resolver:AttributeEncoder xsi:type="SAML1StringNameIdentifier" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
> nameFormat="urn:mace:shibboleth:1.0:nameIdentifier" />
>
> <resolver:AttributeEncoder xsi:type="SAML2StringNameID" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
> nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
>
> </resolver:AttributeDefinition>
>
>
> <resolver:PrincipalConnector xsi:type="Transient" xmlns="urn:mace:shibboleth:2.0:resolver:pc" id="shibTransient"
> nameIDFormat="urn:mace:shibboleth:1.0:nameIdentifier" />
>
> <resolver:PrincipalConnector xsi:type="Transient" xmlns="urn:mace:shibboleth:2.0:resolver:pc" id="saml1Unspec"
> nameIDFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
>
> <resolver:PrincipalConnector xsi:type="Transient" xmlns="urn:mace:shibboleth:2.0:resolver:pc" id="saml2Transient"
> nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
>
>
> I’ve gone through the attribute-map.xml file on this and other SPs and I don’t see historically where it was necessary to define the transient id.
>
> All thoughts and suggestions welcome.
>
> Thank you in advance,
>
> -Chris
>