Error resolving attributes
Hong Ye
hy93 at cornell.edu
Fri Aug 31 14:25:15 EDT 2018
Hi Nate,
Thanks for the reply. I searched IDP log and found “Error resolving attributes” occurred when IDP failed to connect to one of our LDAP servers. We have multiple LDAP server urls specified in ldapURL. How to configure IDP to retry using the next ldap url in the list?
The default value of noResultIsError is false. If I set it to true, will IDP display error page when this happens?
Thanks,
Hong
From: users <users-bounces at shibboleth.net> on behalf of Nate Klingenstein <ndk at sudonym.me>
Reply-To: Shib Users <users at shibboleth.net>
Date: Friday, August 31, 2018 at 2:10 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Error resolving attributes
Hong,
Your IdP will usually send an assertion with an AuthenticationStatement but no AttributeStatement at all. The SP will not see this as an error and it’s not an error in SAML because attributes aren’t mandatory and you can’t know whether the IdP meant to send any.
Hope this helps,
Nate.
Semt frim mt iPone
On Aug 31, 2018, at 9:17 AM, Hong Ye <hy93 at cornell.edu<mailto:hy93 at cornell.edu>> wrote:
Hello,
I saw “Error resolving attributes” in IDP process log and I found corresponding entry in IDP audit log which has no attribute released. When this error occurred, what was status shown in SAML assertion?
Thanks,
Hong
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180831/c4e33d17/attachment.html>
More information about the users
mailing list