Trouble with SP (BambooHR) - have taken debugging as far as I can
ostermmg at whitman.edu
Fri Jul 26 00:44:38 EDT 2019
I'm trying to get a 3rd-party SAML provider going (BambooHR), and after
debugging, it seems as if the URL I'm getting from the vendor is not
correct, or I have a misconfiguration in my AttributeFilterPolicy, as the
filter is not returning the mail attribute. They provide this:
After some digging around, I found the documentation to do a Regex match in
the Requester URL:
And came up with this:
<PolicyRequirementRule xsi:type="RequesterRegex" regex="^
<PermitValueRule xsi:type="ANY" />
I've got DEBUG on for net.shibboleth.idp, and from what I can tell,
the BambooHR-SAML policy is being evaluated, but it's not getting back the
"mail" attribute (or any other attributes, for that matter), which is
messages in lines 32-33 here:
I'm sure there's a simple explanation, but I've gotten as far as I can in
debugging this issue.
Thanks for any pointers!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users