Trouble with SP (BambooHR) - have taken debugging as far as I can

Mike Osterman ostermmg at
Fri Jul 26 00:44:38 EDT 2019


I'm trying to get a 3rd-party SAML provider going (BambooHR), and after
debugging, it seems as if the URL I'm getting from the vendor is not
correct, or I have a misconfiguration in my AttributeFilterPolicy, as the
filter is not returning the mail attribute. They provide this:


After some digging around, I found the documentation to do a Regex match in
the Requester URL:

And came up with this:
    <AttributeFilterPolicy id="BambooHR-SAML">
        <PolicyRequirementRule xsi:type="RequesterRegex" regex="^*$" />
        <AttributeRule attributeID="mail">
            <PermitValueRule xsi:type="ANY" />

I've got DEBUG on for net.shibboleth.idp, and from what I can tell,
the BambooHR-SAML policy is being evaluated, but it's not getting back the
"mail" attribute (or any other attributes, for that matter), which is
causing the
messages in lines 32-33 here:

I'm sure there's a simple explanation, but I've gotten as far as I can in
debugging this issue.

Thanks for any pointers!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list