shibboleth Idp attributes with vendor SP using Samly
Jehan PROCACCIA
jehan.procaccia at tem-tsp.eu
Thu Jul 9 17:18:47 UTC 2020
Hello
I am trying to connect to an SP using the Samly library (https://hexdocs.pm/samly/).
The SSO SAML exchanges do seem to work fine, but although my Shibboleth IdP (v3.3.1, also trying 4.0.1 ...) does send attributes (mail is required) to that SP, the SP doesn't seem to read/consume them.
The attribute consent page does show in my web browser:
mail: jehan.procaccia at imtbs-tsp.eu
The IdP logs show the mail attribute being sent (I've tuned attribute-resolver-ldap and attribute-filter accordingly):
2020-06-30 09:39:57,508 - INFO [Shibboleth-Consent-Audit.SSO:241] - 20200630T073957Z|recruitee|AttributeReleaseConsent|procacci|eduPersonAffiliation,eduPersonPrincipalName,mail,uid||true,true,true,true
2020-06-30 09:39:58,020 - INFO [Shibboleth-Audit.SSO:241] - 20200630T073958Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|id159350278334557498112459464|recruitee|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://idpdev.imtbs-tsp.eu/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_f3ebd2a2a9daa2b82b2c2ca56e0d8237|procacci|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,mail,eduPersonAffiliation,eduPersonPrincipalName|AAdzZWNyZXQxwSpUSitPxSmXP1JxAvZXo5KQuC/cqsDzaNuOKUX1R+Jhr7Q+152EA56poSnHtxN5pkxaZrq+DeKq/BRhfwKS8maplHicpVx2toRhrzkqMBU=|_069191cc01280baab086b257f0206648|
But the SP keeps replying that the attribute mail wasn't received.
Do you know of other successful attribute exchanges with the Samly lib?
Do you think I should change settings on my IdP side to enable the mail attribute to be received on the SP side?
For example, in the idp-metadata.xml that I sent to that SP I see the SAML2 AttributeService Binding commented out; would enabling it so that SOAP AttributeQuery works be a workaround?
<AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idpdev.imtbs-tsp.eu:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
<!-- <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idpdev.imtbs-tsp.eu:8443/idp/profile/SAML2/SOAP/AttributeQuery"/> -->
<!-- If you uncomment the above you should add urn:oasis:names:tc:SAML:2.0:protocol to the protocolSupportEnumeration above -->
Thanks .
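Added example (not from the original post, and not Samly or Shibboleth code): a small Python script that decodes the SAMLResponse POST parameter and lists every attribute in the assertion's AttributeStatement with its Name, FriendlyName and NameFormat. Shibboleth's standard SAML 2 attribute encoders put the OID in Name and the short name ("mail") in FriendlyName, so an SP that looks attributes up by Name alone never sees a key called "mail"; the lookup helper shows both behaviours so you can compare with what the SP expects. The embedded response is constructed (hypothetical entity IDs, message IDs and values), and the script does not verify the signature or conditions, so it is for inspection only, not for consuming assertions.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample response (hypothetical IDs, entity IDs and values).
# The attribute encoding mirrors Shibboleth's default SAML 2 encoders:
# OID in Name, short name in FriendlyName, NameFormat "uri".
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
  IssueInstant="2020-06-30T07:39:58Z" Destination="https://sp.example/sso/sp/consume">
  <saml:Issuer>https://idp.example/idp/shibboleth</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2020-06-30T07:39:58Z">
    <saml:Issuer>https://idp.example/idp/shibboleth</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_abc123</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" FriendlyName="uid"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>jdoe</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" FriendlyName="eduPersonAffiliation"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>member</saml:AttributeValue>
        <saml:AttributeValue>staff</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def sample_post_param():
    """Encode the sample the way the browser POSTs it (HTTP-POST binding: plain base64)."""
    return base64.b64encode(SAMPLE_RESPONSE_XML.encode("utf-8")).decode("ascii")


def decode_saml_response(post_param):
    """Reverse the HTTP-POST binding encoding. Unlike HTTP-Redirect, POST is not deflated."""
    return base64.b64decode(post_param).decode("utf-8")


def extract_attributes(xml_text):
    """List every saml:Attribute found in the response's AttributeStatement(s).

    Parsing only: the XML signature, audience and validity conditions are NOT
    checked here, so a real SP must never act on these values before validating
    the assertion. This is a diagnostic view of what the IdP actually sent.
    """
    root = ET.fromstring(xml_text)
    attrs = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs.append({
            "name": attr.get("Name"),
            "friendly_name": attr.get("FriendlyName"),
            "name_format": attr.get("NameFormat"),
            "values": [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)],
        })
    return attrs


def find_attribute(attrs, wanted, match_friendly=True):
    """Look an attribute up by Name, and optionally also by FriendlyName.

    With match_friendly=False this imitates an SP that keys strictly on Name,
    which is exactly the case where "mail" is present but never matched.
    """
    for a in attrs:
        if a["name"] == wanted:
            return a
        if match_friendly and a["friendly_name"] == wanted:
            return a
    return None


if __name__ == "__main__":
    attrs = extract_attributes(decode_saml_response(sample_post_param()))
    for a in attrs:
        print(f'{a["friendly_name"] or "-":<22} {a["name"]:<40} {a["values"]}')
    print("found 'mail' via FriendlyName:", find_attribute(attrs, "mail") is not None)
    print("found 'mail' via Name only   :", find_attribute(attrs, "mail", match_friendly=False) is not None)
```

To use this on a live exchange, copy the SAMLResponse form field from the browser's network tab (it is the base64 the script expects) and pass it to decode_saml_response. If the attribute appears here under an OID Name and the SP is configured to expect a literal "mail" Name, the fix is on the mapping side (either the SP's attribute mapping or an IdP encoder that emits the plain name), not in the release policy.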