Need help in shibboleth configuration

Peter Schober peter.schober at
Tue May 23 10:59:46 EDT 2017

* bhupendra.a.singh at <bhupendra.a.singh at> [2017-05-23 16:46]:
> I have done the changes as mentioned below but still not getting the
> REMOTE_USER value in response.

Did you consult the appropriate documentation?

> <Attribute
> Name="https://federation-sts/schemas/claims/1/enterpriseid"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><AttributeValue>Enterprise
> ID </AttributeValue></Attribute>

The "Name" of the attribute from the SAML Assertion is what needs to
go in to the Attribute/@name in the Shib SP's attribute-map.xml.
(Hence the, well, name.)

> <Attribute name="urn:oid:" id="enterprise_id">
>   <AttributeDecoder xsi:type="ScopedAttributeDecoder"/>
> </Attribute>

You can't just change the "id" of an arbitrary existing entry in the
distributed attribute-map.xml. Instead create a new entry (ideally
after reading the documentation) and provide the details for *your*
attribute name:
The "name" in your attribute-map.xml bares no resemblence at all to
the Attribute "Name" from the SAML Assertion. How should the software
know that it should look for an attribute named
"https://federation-sts/schemas/claims/1/enterpriseid" when you
configiure its name to be "urn:oid:"?


More information about the users mailing list