Anyone have any success setting up with Starfishsolutions?

Melvin Lasky melvin.lasky at manhattan.edu
Wed May 8 17:09:53 EDT 2019


Ok I figured it out. It was the ole’

        <bean parent="RelyingPartyByName" c:relyingPartyIds="urn:saml:starfishsolutions:v1:manhattan-test_starfish-sp-2019-2024-production">
            <property name="profileConfigurations">
                <list>
                    <bean parent="SAML2.SSO" p:encryptAssertions="false" />
                </list>
            </property>
        </bean>

Once that was added, everything started working.

Have a great night!

Mel

Melvin Lasky
Associate Director of Enterprise Architecture

Riverdale, NY 10471
Phone: 718-862-7410
melvin.lasky at manhattan.edu
www.manhattan.edu




> On May 7, 2019, at 9:42 AM, Melvin Lasky <melvin.lasky at manhattan.edu> wrote:
> 
> Hey all,
> 	We are trying to implement Shibboleth with Starfishsolutions…..
> 
> We are continuing to get a 
> 
> You do not have a user account in the Starfish system.
> 
> Please contact your system administrator if you should have or would like to gain access to this application.
> 
> What concerns me is this… In my attribute-filter, I tried as a regex https://*.starfishsolutions.com/* etc…. 
> 
> <AttributeFilterPolicy id="releaseForSTARFISH" >
>   <PolicyRequirementRule xsi:type="RequesterRegex" regex="https:\/\/.*\.starfishsolutions\.com\/.*\/.*" /> 
>   <AttributeRule attributeID="eduPersonPrincipalName">
>     <PermitValueRule xsi:type="ANY" />
>   </AttributeRule>
>   <AttributeRule attributeID="displayName">
>     <PermitValueRule xsi:type="ANY" />
>   </AttributeRule>
>   <AttributeRule attributeID="mail">
>     <PermitValueRule xsi:type="ANY" />
>   </AttributeRule>
>    <AttributeRule attributeID="surname">
>     <PermitValueRule xsi:type="ANY" />
>   </AttributeRule>
>   <AttributeRule attributeID="givenName">
>     <PermitValueRule xsi:type="ANY" />
>   </AttributeRule>
>   <AttributeRule attributeID="eduPersonAffiliation">
>     <PermitValueRule xsi:type="ANY" />
>   </AttributeRule>
>   <AttributeRule attributeID="uid">
>     <PermitValueRule xsi:type="ANY" />
>   </AttributeRule>
> </AttributeFilterPolicy>
> 
> Didn’t work. I also tried this:
> 
> <AttributeFilterPolicy id="releaseForSTARFISH" >
>   <PolicyRequirementRule xsi:type="Requester" value="urn:saml:starfishsolutions:v1:manhattan-test_starfish-sp-2019-2024-production" /> 
>   <AttributeRule attributeID="eduPersonPrincipalName">
>     <PermitValueRule xsi:type="ANY" />
>   </AttributeRule>
>   <AttributeRule attributeID="displayName">
>     <PermitValueRule xsi:type="ANY" />
>   </AttributeRule>
>   <AttributeRule attributeID="mail">
>     <PermitValueRule xsi:type="ANY" />
>   </AttributeRule>
>    <AttributeRule attributeID="surname">
>     <PermitValueRule xsi:type="ANY" />
>   </AttributeRule>
>   <AttributeRule attributeID="givenName">
>     <PermitValueRule xsi:type="ANY" />
>   </AttributeRule>
>   <AttributeRule attributeID="eduPersonAffiliation">
>     <PermitValueRule xsi:type="ANY" />
>   </AttributeRule>
>   <AttributeRule attributeID="uid">
>     <PermitValueRule xsi:type="ANY" />
>   </AttributeRule>
> </AttributeFilterPolicy>
> 
> Both have same result
> 
> When I look at the logs, what I notice is this:
> 
> shib-idp;idp-process.log;dev;nothing; - [149.61.2.59]2019-05-07 13:36:47,435 - INFO [Shibboleth-Audit.SSO:275] - 20190507T133647Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|a1gd9hb4b8cahc0f4e775c0778fa6i4|urn:saml:starfishsolutions:v1:manhattan-test_starfish-sp-2019-2024-production|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://ourshibbolethserver.manhattan.edu/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c9c7ed626a291e8be9b328a6a99534e9|melvin.lasky|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,mail,surname,givenName,eduPersonPrincipalName|AAdzZWNyZXQxfzIVftcT7532TD2JqJInMnzix0aGjqTF8d+kGWDuE0G8W+A4fTv5ZKJiHVh8lZE9uLStuOhdU/xcV0yXgTsrDf0wLi4ztNpCbdrZsM9TDJBnTlkDzlK0UiIWOR5crwRSI66OPH176Asy6m6Qx1erS0cHwr6ByRbpjhEMsx+KXl3UpPkELS5DkSAFIIKA/A==|_4fdc3ba871d1cb09e3c521a07eff1e12|
> 
> First, I don’t see it coming from an https://* address like my other requests, I see it coming from urn:saml:starfishsolutions:v1:manhattan-test_starfish-sp-2019-2024-production
> 
> Also, it looks like it is sending the attributes, but not the ones I selected? uid,mail,surname,givenName,eduPersonPrincipalName
> 
> Do you think it’s something on our side or their side? Also, why can’t I get the attributes I listed to be released, and why is it releasing those attributes? Any help will be greatly appreciated.
> 
> Thanks
> 
> Mel
> 
> Melvin Lasky
> Associate Director of Enterprise Architecture
> 
> Riverdale, NY 10471
> Phone: 718-862-7410
> melvin.lasky at manhattan.edu
> www.manhattan.edu
> 
> 
> 
> 
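
The requester check discussed in this thread, as an added example that is not part of the original post or of Shibboleth's own code: it reads the requester and released attributes from an SSO audit line and evaluates each policy's PolicyRequirementRule against that requester. Assumptions: the audit field names, whole-string regex matching, the policies trimmed to two rules, and the placeholder IdP host, user and IDs.

```python
import re
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Field order as read off the audit line in the post (assumed default SSO layout).
FIELDS = ("time in_binding request_id requester profile idp out_binding "
          "response_id user authn_ctx attributes name_id assertion_id").split()
SP = "urn:saml:starfishsolutions:v1:manhattan-test_starfish-sp-2019-2024-production"
# Constructed sample: both policy variants from the post, trimmed to two rules each.
POLICIES = r"""<Group xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <AttributeFilterPolicy id="byRegex">
  <PolicyRequirementRule xsi:type="RequesterRegex"
      regex="https:\/\/.*\.starfishsolutions\.com\/.*\/.*"/>
  <AttributeRule attributeID="displayName"/><AttributeRule attributeID="mail"/>
 </AttributeFilterPolicy>
 <AttributeFilterPolicy id="byEntityID">
  <PolicyRequirementRule xsi:type="Requester" value="%s"/>
  <AttributeRule attributeID="displayName"/><AttributeRule attributeID="mail"/>
 </AttributeFilterPolicy>
</Group>""" % SP
# Constructed audit line: same shape as the posted one, IDs replaced by placeholders.
AUDIT = "|".join(["20190507T133647Z", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
                  "REQ_ID", SP, "http://shibboleth.net/ns/profiles/saml2/sso/browser",
                  "https://idp.example.edu/idp/shibboleth",
                  "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", "RESP_ID", "jdoe",
                  "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
                  "uid,mail", "NAMEID", "ASSERTION_ID", ""])

def parse_audit(line):
    rec = dict(zip(FIELDS, line.split("|")))
    rec["attributes"] = [a for a in rec["attributes"].split(",") if a]
    return rec

def policy_applies(rule, requester):
    kind = rule.get(XSI_TYPE)
    if kind == "Requester":  # exact entityID comparison
        return rule.get("value") == requester
    if kind == "RequesterRegex":  # assumed to need a match of the whole entityID
        return re.fullmatch(rule.get("regex"), requester) is not None
    return False  # other rule types are not modelled here

def explain(policies_xml, audit_line):
    """Map policy id -> (applies to requester?, permitted attributes not released)."""
    rec, report = parse_audit(audit_line), {}
    for pol in ET.fromstring(policies_xml).iter("AttributeFilterPolicy"):
        permitted = {r.get("attributeID") for r in pol.iter("AttributeRule")}
        applies = policy_applies(pol.find("PolicyRequirementRule"), rec["requester"])
        report[pol.get("id")] = (applies, sorted(permitted - set(rec["attributes"])))
    return report
```

`explain(POLICIES, AUDIT)` reports that the `https://` regex policy never applies to the URN entityID, while the exact-match policy does.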
