Attribute mapping on new SP3 install
peter.schober at univie.ac.at
Tue May 14 12:14:13 EDT 2019
* HCUK eLearning <daveperryatwork at gmail.com> [2019-05-14 17:44]:
> I have just installed a new SP3 on Windows. For some reason, the
> eduPersonPrincipalName is not coming through (when, using PHP, I render out
> the HTTP headers) using the default attribute-map.xml file. mail and
> eduPersonScopedAffiliation are, and my IdP is definitely sending the eppn
Access /Shibboleth.sso/Session instead, avoids guesswork about the
tooling / methods used to determine what's there or not.
The transaction log also shows successfully recieved attributes.
And (to expand slightly on what Nate said) looking for lines with
'skipping' in shibd log will show what attributes the IDP sent but the
SP specifically didn't map (no need for DEBUG here, though).
If the logs and /Shibboleth.sso/Session all confirm that the attribute
is there then your methods of determining that have been shown to be
insufficient/wrong (what Rod hinted at).
More information about the users