Trouble with SP (BambooHR) - have taken debugging as far as I can

Peter Schober peter.schober at
Fri Jul 26 06:18:48 EDT 2019

* Mike Osterman <ostermmg at> [2019-07-26 06:45]:
> After some digging around, I found the documentation to do a Regex match in
> the Requester URL:
> And came up with this:
>     <AttributeFilterPolicy id="BambooHR-SAML">
>         <PolicyRequirementRule xsi:type="RequesterRegex" regex="^
>*$" />

Regexes shouldn't be necessary. I'm guessing your tenant SP is only
that: One (1) SP with one (1) unchanging entityID. Just providing the
correct entityID there (cf. the metadata you added for that SP) should
But either way it still doesn't match:

> causing the
> net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator
> messages in lines 32-33 here:

Line 11 already states that the policy didn't apply, hence no
attributes and no attribute-sourced NameID:

> Attribute Filter Policy 'BambooHR-SAML'  Policy is not active for this request


More information about the users mailing list