Equifax SP and Shibboleth IDP

Zico mailzico at gmail.com
Tue Nov 26 01:48:22 EST 2019

Thanks Peter.

Interesting thing is ... my log was in DEBUG and there wasn't any
"<saml2:AttributeStatement> ..... </saml2:AttributeStatement>" snippet
But when I replaced their supplied metadata with InCommon published one....
IDP started sending attribute to SPs.

So far, I used to know that it's IDP which actually make decision on
sending / not sending attributes to SP but seems like SP has a big part
here in this transaction as well. Never seen this before!

On Mon, Nov 25, 2019 at 10:45 AM Peter Schober <peter.schober at univie.ac.at>

> * Zico <mailzico at gmail.com> [2019-11-25 17:36]:
> > My initial issue is: I don't see any attribute being released from IDP
> side
> > OR it's inside `CipherData` snippet. Playing with
> "idp.encryption.optional
> > == true" and relying party isn't helping much to decipher that CipherData
> > snippet.
> That's not how you'd find out what your own IDP sends. You'd use:
> * aacli, to simulate what would be going out, and/or
> * your own log files, tuned as needed, e.g. by setting
>   <logger name="PROTOCOL_MESSAGE" level="DEBUG" />
>   and reloading your logging config (or waiting 10 min for it to
>   become active).
> -peter
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20191126/0f5a5b5e/attachment.html>

More information about the users mailing list