"Login Unsuccessful" after configuring attribute release for https://issues.shibboleth.net/shibboleth
Borja, Matt
Matt.Borja at yc.edu
Fri Oct 4 12:01:45 EDT 2019
Hi,
We're trying to report a new issue with the recent upgrade to IdP 3.4.6 but are having some issues trying to use our IdP to login to https://issues.shibboleth.net/.
As per the Infrastructure Information<https://wiki.shibboleth.net/confluence/display/DEV/Infrastructure+Information> page, we have the following attributes configured:
* unique user identifier (urn:oasis:names:tc:SAML:attribute:subject-id)
* displayName (urn:oid:2.16.840.1.113730.3.1.241)
* mail (urn:oid:0.9.2342.19200300.100.1.3)
Below is a copy of the attribute statements we verified are coming through in our SAMLResponse during a debug session:
<saml2:AttributeStatement>
<saml2:Attribute FriendlyName="displayName" Name="urn:oid:2.16.840.1.113730.3.1.241"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>...</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>...</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="urn:oasis:names:tc:SAML:attribute:subject-id"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">...</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
Note: We are not using EPPN at this time, but are federated with InCommon so we are trying to do this by selecting our organization from the dropdown list on the Login page.
Any insight would be greatly appreciated. Thanks!
Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20191004/14ce61f3/attachment.html>
More information about the users
mailing list