FW: Need help in shibboleth configuration

bhupendra.a.singh at accenture.com bhupendra.a.singh at accenture.com
Thu May 25 07:23:52 EDT 2017


Hi All,

Please can anyone reply on this thread.

Thanks & Regards,
Bhupendra 

-----Original Message-----
From: Singh, Bhupendra A. 
Sent: Wednesday, May 24, 2017 8:16 PM
To: Shib Users <users at shibboleth.net>
Subject: FW: Need help in shibboleth configuration

Hi Peter,

Please let me know if you need more details or any other configuration file.

Thanks & Regards,
Bhupendra 

-----Original Message-----
From: Singh, Bhupendra A. 
Sent: Wednesday, May 24, 2017 3:27 PM
To: Shib Users <users at shibboleth.net>
Subject: RE: Need help in shibboleth configuration

Hi Alan,

Please find attached the attribute-map.xml file for your reference. Please let me know if you need more details.

Thanks & Regards,
Bhupendra 

-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Alan Buxey
Sent: Wednesday, May 24, 2017 2:08 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Need help in shibboleth configuration

you have skipping unmapped NameID with format - which would suggest incorrect mappings for the SAML nameID, you then have loads of "skipping unmapped SAML 2.0 Attribute with Name" which means you have some issues in your attribute-map file - perhaps the nameFormat is absent? provide your attribute-map file

alan

On 24 May 2017 at 09:02,  <bhupendra.a.singh at accenture.com> wrote:
> Hi Peter,
>
> Please find below the shibd.log.
>
> Shibd.log
>
> 2017-05-24 03:24:16 DEBUG Shibboleth.AttributeExtractor.XML [3]: 
> unable to extract attributes, unknown XML object type: samlp:Response
> 2017-05-24 03:24:16 DEBUG Shibboleth.AttributeExtractor.XML [3]: 
> skipping unmapped NameID with format
> (urn:oasis:names:tc:SAML:2.0:nameid-format:string)
> 2017-05-24 03:24:16 DEBUG Shibboleth.AttributeExtractor.XML [3]: 
> unable to extract attributes, unknown XML object type: 
> {urn:oasis:names:tc:SAML:2.0:assertion}AuthnStatement
> 2017-05-24 03:24:16 INFO Shibboleth.AttributeExtractor.XML [3]: 
> skipping unmapped SAML 2.0 Attribute with Name: 
> https://urldefense.proofpoint.com/v2/url?u=http-3A__schemas.xmlsoap.or
> g_ws_2005_05_identity_claims_emailaddress&d=DwIGaQ&c=eIGjsITfXP_y-DLLX
> 0uEHXJvU8nOHrUK8IrwNKOtkVU&r=iyop1o4k3D-LmubkaV19fs58JOYX7uCPiqL6a-rQT
> eM&m=OOQbKn_KLHDjpCBtiJnaSxFmxg646N43cJ7URGoPEWU&s=BbxKT2I_oO5bOXXVwip
> otMTKucFq5cNWcKbapKyYGF0&e= ,
> Format:urn:oasis:names:tc:SAML:2.0:attrname-format:basic
> 2017-05-24 03:24:16 INFO Shibboleth.AttributeExtractor.XML [3]: 
> skipping unmapped SAML 2.0 Attribute with Name: 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__federation_schema
> s_claims_1_enterpriseid&d=DwIGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8Ir
> wNKOtkVU&r=iyop1o4k3D-LmubkaV19fs58JOYX7uCPiqL6a-rQTeM&m=OOQbKn_KLHDjp
> CBtiJnaSxFmxg646N43cJ7URGoPEWU&s=ud2XguFKy7lT7F_v5CgbNFRxF7Xsjh56oRXrJ
> J7SaPA&e= , Format:urn:oasis:names:tc:SAML:2.0:attrname-format:basic
> 2017-05-24 03:24:16 INFO Shibboleth.AttributeExtractor.XML [3]: 
> skipping unmapped SAML 2.0 Attribute with Name: 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__federation_schema
> s_claims_1_peoplekey&d=DwIGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNK
> OtkVU&r=iyop1o4k3D-LmubkaV19fs58JOYX7uCPiqL6a-rQTeM&m=OOQbKn_KLHDjpCBt
> iJnaSxFmxg646N43cJ7URGoPEWU&s=GCcBhhCXMYwVanMXaiAV7z47G1pdY8TEUOc8oubq
> LVo&e= , Format:urn:oasis:names:tc:SAML:2.0:attrname-format:basic
> 2017-05-24 03:24:16 INFO Shibboleth.AttributeExtractor.XML [3]: 
> skipping unmapped SAML 2.0 Attribute with Name: 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__federation_schema
> s_claims_1_personnelnumber&d=DwIGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK
> 8IrwNKOtkVU&r=iyop1o4k3D-LmubkaV19fs58JOYX7uCPiqL6a-rQTeM&m=OOQbKn_KLH
> DjpCBtiJnaSxFmxg646N43cJ7URGoPEWU&s=7LAhrI09DCGNSKrNJ6aTAQJ_T_w4Z_yGpu
> BVcFu_dKk&e= ,
> Format:urn:oasis:names:tc:SAML:2.0:attrname-format:basic
> 2017-05-24 03:24:16 INFO Shibboleth.AttributeExtractor.XML [3]: 
> skipping unmapped SAML 2.0 Attribute with Name: 
> https://urldefense.proofpoint.com/v2/url?u=http-3A__schemas.xmlsoap.or
> g_claims_Group&d=DwIGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&
> r=iyop1o4k3D-LmubkaV19fs58JOYX7uCPiqL6a-rQTeM&m=OOQbKn_KLHDjpCBtiJnaSx
> Fmxg646N43cJ7URGoPEWU&s=EL5ufIjL1uFKSyMii3VUa6h5cRIYvj_eWulWEgQ-5pw&e=
> , Format:urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
> 2017-05-24 03:24:16 DEBUG Shibboleth.SSO.SAML2 [3]: resolving attributes...
> 2017-05-24 03:24:16 DEBUG Shibboleth.AttributeResolver.Query [3]: 
> found AttributeStatement in input to new session, skipping query
>
> Thanks & Regards,
> Bhupendra
>
>
> -----Original Message-----
> From: Singh, Bhupendra A.
> Sent: Wednesday, May 24, 2017 8:47 AM
> To: users at shibboleth.net
> Subject: RE: Need help in shibboleth configuration
>
> Hi Peter,
>
> Please find below the log details. I could not find anything specific to my issue in error_log and ss_error_log. The blank space was a typo in my mail otherwise it is correct in the configuration. Please provide the policy details which I have to take care.
>
> Shibd.log
>
> 2017-05-23 13:12:03 INFO Shibboleth.AttributeExtractor.XML [7]: 
> skipping unmapped SAML 2.0 Attribute with Name: 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__federation_schema
> s_claims_1_enterpriseid&d=DwIGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8Ir
> wNKOtkVU&r=iyop1o4k3D-LmubkaV19fs58JOYX7uCPiqL6a-rQTeM&m=OOQbKn_KLHDjp
> CBtiJnaSxFmxg646N43cJ7URGoPEWU&s=ud2XguFKy7lT7F_v5CgbNFRxF7Xsjh56oRXrJ
> J7SaPA&e= , Format:urn:oasis:names:tc:SAML:2.0:attrname-format:basic
>
> Transaction.log
>
> 2017-05-23 13:07:29 INFO Shibboleth-TRANSACTION [6]: Cached the 
> following attributes with session (ID:
> _c6c635286740fa2d4c3d9249942ad67f) for (applicationId: default) {
> 2017-05-23 13:07:29 INFO Shibboleth-TRANSACTION [6]: }
> 2017-05-23 13:12:03 INFO Shibboleth-TRANSACTION [7]: New session (ID: 
> _198a1eb5486cbeb597eeb9e547d8683c) with (applicationId: default) for 
> principal from (IdP: urn:federation:stage) at (ClientAddress: 0.0.0.0) 
> with (NameIdentifier: Enterprise_ID) using (Protocol:
> urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: 
> _2bf81ac2-6fc4-4877-ac53-1706ab46e86c)
> 2017-05-23 13:12:03 INFO Shibboleth-TRANSACTION [7]: Cached the 
> following attributes with session (ID:
> _198a1eb5486cbeb597eeb9e547d8683c) for (applicationId: default) {
> 2017-05-23 13:12:03 INFO Shibboleth-TRANSACTION [7]: }
>
> Thanks & Regards,
> Bhupendra
> -----Original Message-----
> From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Peter 
> Schober
> Sent: Wednesday, May 24, 2017 2:27 AM
> To: users at shibboleth.net
> Subject: Re: Need help in shibboleth configuration
>
> * bhupendra.a.singh at accenture.com <bhupendra.a.singh at accenture.com> [2017-05-23 19:31]:
>> I have done the changes as you mentioned below but still not able to 
>> get the remote_user in the header request. Please let me know if 
>> something is missing.
>
> Your Shib config looks OK, from what I can tell (though it doesn't match the SAML Attribute, as that has a blank space in its Attribute/@Name in your previous email:
>   Name="https://urldefense.proofpoint.com/v2/url?u=https-3A__federation&d=DwICAg&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=iyop1o4k3D-LmubkaV19fs58JOYX7uCPiqL6a-rQTeM&m=gVmuJ7_9T3bCn5eop2Qqc4Iwedn3ObIapb_g6QcB8i0&s=Phxc80izv5iJYX1M_vk03yz_9NFwgdP1Ea5TdRzVlCE&e=  /schemas/claims/1/enterpriseid"
> while your attribute-map.xml has none. I'll write that up to copy/paste issues with your email but your logs will tell you exactly what's happening:
>
> The SP's shibd.log will tell you what attributes have been ignored ("skipping unmapped") due to not being mapped correctly, or because they don't match some policy rules, the SP's transaction.log will tell you what attributes have been received and mapped successfully, and finally Apache httpd's access log will tell you what it thinks about REMOTE_USER.
>
> -peter
> --
> To unsubscribe from this list send an email to 
> users-unsubscribe at shibboleth.net



--
Alan Buxey
Senior Verification Engineer



-------------- next part --------------
A non-text attachment was scrubbed...
Name: attribute-map.xml
Type: application/xml
Size: 9483 bytes
Desc: attribute-map.xml
URL: <http://shibboleth.net/pipermail/users/attachments/20170525/ffe8df8c/attachment-0001.wsdl>
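
The replies above tie each "skipping unmapped" line in shibd.log to a missing or mismatched attribute-map.xml entry; the following is an added example, not code from the thread or from the Shibboleth project, that turns such log lines into the `<Attribute>` entries that would match them. It assumes a map entry without `nameFormat` matches only the `uri` and `unspecified` name formats and that the map's root element declares the `xsi` prefix; the log sample, the `idp.example.org` names and the generated `id` values are constructed placeholders.

```python
import re
from xml.sax.saxutils import quoteattr

# Constructed sample in the shape of the shibd.log lines quoted in the thread;
# the attribute names are placeholders, not the poster's real claim URIs.
SAMPLE_LOG = """\
2017-05-24 03:24:16 DEBUG Shibboleth.AttributeExtractor.XML [3]: skipping unmapped NameID with format (urn:oasis:names:tc:SAML:2.0:nameid-format:string)
2017-05-24 03:24:16 INFO Shibboleth.AttributeExtractor.XML [3]: skipping unmapped SAML 2.0 Attribute with Name: https://idp.example.org/claims/enterpriseid, Format:urn:oasis:names:tc:SAML:2.0:attrname-format:basic
2017-05-24 03:24:16 INFO Shibboleth.AttributeExtractor.XML [3]: skipping unmapped SAML 2.0 Attribute with Name: https://idp.example.org/claims/Group, Format:urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
2017-05-24 03:25:40 INFO Shibboleth.AttributeExtractor.XML [4]: skipping unmapped SAML 2.0 Attribute with Name: https://idp.example.org/claims/enterpriseid, Format:urn:oasis:names:tc:SAML:2.0:attrname-format:basic
"""

ATTR_RE = re.compile(r"skipping unmapped SAML 2\.0 Attribute with Name: (\S+?)\s*,\s*Format:(\S+)")
NAMEID_RE = re.compile(r"skipping unmapped NameID with format \((\S+)\)")
FMT = "urn:oasis:names:tc:SAML:2.0:attrname-format:"
# Assumption: an entry without nameFormat matches only these two formats.
IMPLICIT = {FMT + "uri", FMT + "unspecified"}

def unmapped(log_text):
    """Return the de-duplicated (kind, name, format) tuples the SP skipped, in log order."""
    seen = []
    for line in log_text.splitlines():
        m = ATTR_RE.search(line)
        item = ("attribute", m.group(1), m.group(2)) if m else None
        if item is None:
            m = NAMEID_RE.search(line)
            item = ("nameid", m.group(1), None) if m else None
        if item and item not in seen:
            seen.append(item)
    return seen

def map_entry(kind, name, fmt):
    """Build the attribute-map.xml <Attribute> element that would match one skipped item."""
    local_id = re.split(r"[/:]", name.rstrip("/"))[-1]  # hypothetical id, rename as needed
    if kind == "nameid":
        return ('<Attribute name=%s id=%s>\n'
                '    <AttributeDecoder xsi:type="NameIDAttributeDecoder" formatter="$Name"/>\n'
                '</Attribute>' % (quoteattr(name), quoteattr("nameid-" + local_id)))
    # A "basic" Format in the log needs an explicit nameFormat on the map entry.
    extra = "" if fmt in IMPLICIT else " nameFormat=%s" % quoteattr(fmt)
    return "<Attribute name=%s id=%s%s/>" % (quoteattr(name), quoteattr(local_id), extra)

if __name__ == "__main__":
    for item in unmapped(SAMPLE_LOG):
        print(map_entry(*item))
```

Only map the attributes the application actually needs, and restart shibd after editing the map so the transaction.log shows them cached with the session.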

