Possible bug with Shib IdP v4.0.0

Rod Widdowson rdw at steadingsoftware.com
Sat Apr 18 11:16:49 EDT 2020

> This is the entire AttributeConsumingService element that is causing problems, and we have more than 1 SP that is causing the error.

I'd be interested in your metadata configuration if you can share it.  

But if best (to save us time)  would be to turn up the size of the exception stack in the logging and reproduce this and provide the stack. In logback.xml, find the line:

            <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short}</Pattern>

And replace with

            <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full}</Pattern>

ex{short} becomes ex{full}


>         <AttributeConsumingService index="1">
>             <ServiceName xml:lang="en"/>
>             <RequestedAttribute FriendlyName="eduPersonAffiliation" Name="urn:oid:"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
>             <RequestedAttribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
>             <RequestedAttribute FriendlyName="sn" Name="urn:oid:" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-
> format:uri" isRequired="false"/>
>             <RequestedAttribute FriendlyName="givenName" Name="urn:oid:"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
>             <RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/>
>         </AttributeConsumingService>
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list