Equifax SP and Shibboleth IDP
Zico
mailzico at gmail.com
Tue Nov 26 01:48:22 EST 2019
Thanks Peter.
Interesting thing is ... my log was in DEBUG and there wasn't any
"<saml2:AttributeStatement> ..... </saml2:AttributeStatement>" snippet
there.
But when I replaced their supplied metadata with InCommon published one....
IDP started sending attribute to SPs.
So far, I used to know that it's IDP which actually make decision on
sending / not sending attributes to SP but seems like SP has a big part
here in this transaction as well. Never seen this before!
On Mon, Nov 25, 2019 at 10:45 AM Peter Schober <peter.schober at univie.ac.at>
wrote:
> * Zico <mailzico at gmail.com> [2019-11-25 17:36]:
> > My initial issue is: I don't see any attribute being released from IDP
> side
> > OR it's inside `CipherData` snippet. Playing with
> "idp.encryption.optional
> > == true" and relying party isn't helping much to decipher that CipherData
> > snippet.
>
> That's not how you'd find out what your own IDP sends. You'd use:
>
> * aacli, to simulate what would be going out, and/or
>
> * your own log files, tuned as needed, e.g. by setting
> <logger name="PROTOCOL_MESSAGE" level="DEBUG" />
> and reloading your logging config (or waiting 10 min for it to
> become active).
>
> -peter
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
--
Best,
Zico
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20191126/0f5a5b5e/attachment.html>
More information about the users
mailing list