Trouble with SP (BambooHR) - have taken debugging as far as I can
Peter Schober
peter.schober at univie.ac.at
Fri Jul 26 06:18:48 EDT 2019
* Mike Osterman <ostermmg at whitman.edu> [2019-07-26 06:45]:
> After some digging around, I found the documentation to do a Regex match in
> the Requester URL:
> https://wiki.shibboleth.net/confluence/display/IDP30/RequesterRegexConfiguration
>
> And came up with this:
> <AttributeFilterPolicy id="BambooHR-SAML">
> <PolicyRequirementRule xsi:type="RequesterRegex" regex="^
> https://whitmansandbox.bamboohr.com/.*$" />
Regexes shouldn't be necessary. I'm guessing your tenant SP is only
that: One (1) SP with one (1) unchanging entityID. Just providing the
correct entityID there (cf. the metadata you added for that SP) should
suffice?
But either way it still doesn't match:
> causing the
> net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator
> messages in lines 32-33 here:
> https://gist.github.com/ostertoaster/3d322c8d2c9a48d9f8c3bb34cd7e12d0
Line 11 already states that the policy didn't apply, hence no
attributes and no attribute-sourced NameID:
> Attribute Filter Policy 'BambooHR-SAML' Policy is not active for this request
-peter
More information about the users
mailing list