Unable to include attributes in IdP Assertion

Zacharyzachary Pearson zpearson at hawk.iit.edu
Fri Feb 2 10:39:09 EST 2018


I’m attempting to include user information as attributes in the assertion that Shibboleth responds with upon a successful login. I’ve created attributes in attribute-resolver.xml and a filter in attribute-filter.xml, but the attribute does not get returned. Below are the attributes and the filter that I made:

attribute-resolver.xml

    <AttributeDefinition xsi:type="Simple" id="uid" sourceAttributeID="uid">
        <Dependency ref="myLDAP" />
        <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" />
        <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
    </AttributeDefinition>

    <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
        ldapURL="ldap://localhost"
        baseDN="dc=shibbolethtesting,dc=com"
        principal="cn=Manager,dc=shibbolethtesting,dc=com"
        principalCredential="element"
        useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:false}"
        connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
        responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}">
        <FilterTemplate>
            <![CDATA[
                %{idp.attribute.resolver.LDAP.searchFilter}
            ]]>
        </FilterTemplate>
        <!-- <StartTLSTrustCredential id="LDAPtoIdPCredential" xsi:type="sec:X509ResourceBacked">
            <sec:Certificate>%{idp.attribute.resolver.LDAP.trustCertificates}</sec:Certificate>
        </StartTLSTrustCredential> -->
    </DataConnector>



attribute-filter.xml

    <AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
        xmlns="urn:mace:shibboleth:2.0:afp"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">

        <AttributeRule attributeID="uid">
            <PermitValueRule xsi:type="ANY" />
        </AttributeRule>

    </AttributeFilterPolicyGroup>




The log shows that it reads it properly and follows the dependencies but does not return anything. I’m at a loss as to what might be the issue.
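
An added example, not part of the original post or of Shibboleth's own code: a small Python check that reports which AttributeRule elements in an attribute-filter.xml sit inside an AttributeFilterPolicy and which sit directly under the policy group, as in the file posted above. It assumes that only rules inside a policy carrying a PolicyRequirementRule are applied at release time; the sample XML strings and the policy id `releaseUidToAnyone` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

AFP = "urn:mace:shibboleth:2.0:afp"  # namespace from the posted filter
XSI = "http://www.w3.org/2001/XMLSchema-instance"
HEAD = f'<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy" xmlns="{AFP}" xmlns:xsi="{XSI}">'
RULE = '<AttributeRule attributeID="uid"><PermitValueRule xsi:type="ANY" /></AttributeRule>'

# Constructed sample with the same shape as the posted file: rule directly under the group.
POSTED = f"{HEAD}{RULE}</AttributeFilterPolicyGroup>"

# Constructed sample: the same rule inside a policy (the policy id is hypothetical).
WRAPPED = (f'{HEAD}<AttributeFilterPolicy id="releaseUidToAnyone">'
           f'<PolicyRequirementRule xsi:type="ANY" />{RULE}'
           '</AttributeFilterPolicy></AttributeFilterPolicyGroup>')


def audit_filter(xml_text):
    """Return (orphans, released, open_policies) for one filter file."""
    q = lambda name: f"{{{AFP}}}{name}"
    root = ET.fromstring(xml_text)
    # Rules that are direct children of the group belong to no policy.
    orphans = [r.get("attributeID") for r in root.findall(q("AttributeRule"))]
    released, open_policies = {}, []
    for policy in root.findall(q("AttributeFilterPolicy")):
        req = policy.find(q("PolicyRequirementRule"))
        if req is None:
            continue  # assumption: no requirement rule means the policy never applies
        # xsi:type may carry a prefix (e.g. "basic:ANY"); compare the local part.
        if req.get(f"{{{XSI}}}type", "").split(":")[-1] == "ANY":
            open_policies.append(policy.get("id"))  # matches every requester
        for rule in policy.findall(q("AttributeRule")):
            if rule.find(q("PermitValueRule")) is not None:
                released.setdefault(rule.get("attributeID"), []).append(policy.get("id"))
    return orphans, released, open_policies


if __name__ == "__main__":
    for label, doc in (("posted", POSTED), ("wrapped", WRAPPED)):
        orphans, released, open_policies = audit_filter(doc)
        print(f"{label}: outside any policy={orphans} released={released} "
              f"release-to-anyone policies={open_policies}")
```

The third return value lists policies whose requirement rule is `ANY`, which is worth reviewing in a production filter because such a policy releases its attributes to every relying party.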

