IDP 3.3.2 CAS protocol and alternate CAS username difficulty

Michael A Grady mgrady at unicon.net
Thu Apr 12 16:17:51 EDT 2018


> On Apr 12, 2018, at 2:53 PM, Mak, David <d.mak at northeastern.edu> wrote:
> 
> Thank you, Michael. The logs indicate that our relying party configuration, which was essentially that example, modified as below, seems to be matched to the configuration, but the results just don’t match. To answer Scott’s comment, if I comment out/remove the SAML1NameIdentifierGenerators in the saml-nameid.xml config, I get the following exception:
> 
> 2018-04-12 15:12:05,035 - DEBUG [net.shibboleth.idp.cas.flow.impl.PrepareTicketValidationResponseAction:93] - Filtered attribute neuEduNUID has no value
> 2018-04-12 15:12:05,036 - ERROR [net.shibboleth.idp.cas:-2] - Uncaught runtime exception
> java.lang.IllegalStateException: Principal cannot be null

As Scott said, I don't think the saml-nameid.xml config has anything to do with CAS. (If it does, that is new knowledge for me also.) The above says "Filtered attribute neuEduNUID has no value". Do you have an attribute with an ID of 'neuEduNUID' defined in your resolver, and does the resolver logging show that it successfully got populated with a value?

--
Michael A. Grady
IAM Architect, Unicon, Inc.


