skipping unmapped SAML 2.0 Attribute with Name

Peter Schober peter.schober at univie.ac.at
Thu Jul 16 10:43:31 UTC 2020


* VSK Manikanta <krishnamanikanta.v at gmail.com> [2020-07-16 11:08]:

> When I'm logging into my application through the browser it gives It
> works! Statement.

Something like this? https://webwork.math.arizona.edu/

That's just the "Apache2 Debian Default Page" (or "Apache2 Ubuntu
Default Page") that itself explains why it's there and how to replace
it with your own content.

https://duckduckgo.com/?q=%22It+works!%22+default+page

> but in Shibd.log getting as below INFO
> Shibboleth.AttributeExtractor.XML [1] [default]: skipping unmapped
> SAML 2.0 Attribute with Name: uid,
> Format:urn:oasis:names:tc:SAML:2.0:attrname-format:basic

Whatever the relation to your above observation, that also just means
what it says: the SAML IDP sent an attribute called "uid" with 'basic'
NameFormat and your SP is not configured to do anything with that.

The Fine Documentation explains how to do that, once you manage to
locate the right section:
https://wiki.shibboleth.net/confluence/display/SP3/XMLAttributeExtractorExamples#XMLAttributeExtractorExamples-HackyNaming

So in this case you'd have to add a line with

<Attribute name="uid" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" id="uid"/>

into your SP's /etc/shibboleth/attribute-map.xml, anywhere within the
enclosing <Attributes> element that makes up the content of this file.
Then restart the SP.

> And my application is not logged in and says time out

There could be a million reasons for that, but if the application
expects to receive the "uid" attribute via whatever integration method
from your web server (via Shibboleth) then not mapping uid from SAML
to an internal attribute would be one part of the puzzle.

-peter
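
An added example, not part of the original message and not Shibboleth project code: it collects the "skipping unmapped SAML 2.0 Attribute" entries from shibd.log text and prints the `<Attribute>` lines that attribute-map.xml does not yet contain. The timestamps, the extra attributes in the sample, the `CHOOSE_ID` placeholder and all function names are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

MAP_NS = "urn:mace:shibboleth:2.0:attribute-map"
FMT = "urn:oasis:names:tc:SAML:2.0:attrname-format:"
# Message text as quoted in the post; the ", Format:..." suffix is treated as optional (assumption).
SKIPPED = re.compile(r"skipping unmapped SAML 2\.0 Attribute with Name: "
                     r"(?P<name>[^,\s]+)(?:, Format:\s*(?P<fmt>\S+))?")

# Constructed sample input: timestamps and the attributes other than uid are made up.
PREFIX = "INFO Shibboleth.AttributeExtractor.XML [1] [default]: skipping unmapped SAML 2.0 Attribute with Name: "
SAMPLE_LOG = "\n".join([
    f"2020-07-16 11:00:01 {PREFIX}uid, Format:{FMT}basic",
    f"2020-07-16 11:00:01 {PREFIX}mail, Format:{FMT}basic",
    f"2020-07-16 11:05:12 {PREFIX}uid, Format:{FMT}basic",
    f"2020-07-16 11:05:12 {PREFIX}urn:oid:2.5.4.42, Format:{FMT}uri",
])
SAMPLE_MAP = f"""<Attributes xmlns="{MAP_NS}">
    <Attribute name="mail" nameFormat="{FMT}basic" id="mail"/>
</Attributes>"""

def skipped_attributes(log_text):
    """Return unique (name, nameFormat) pairs from the log, in first-seen order."""
    pairs = []
    for m in SKIPPED.finditer(log_text):
        pair = (m["name"], m["fmt"] or "")
        if pair not in pairs:
            pairs.append(pair)
    return pairs

def mapped_attributes(map_xml):
    """Return the (name, nameFormat) pairs already present in attribute-map.xml."""
    root = ET.fromstring(map_xml)
    return {(a.get("name"), a.get("nameFormat", ""))
            for a in root.iter(f"{{{MAP_NS}}}Attribute")}

def suggest_mappings(log_text, map_xml):
    """Build <Attribute/> lines for skipped attributes that the map does not cover."""
    have = mapped_attributes(map_xml)
    lines = []
    for name, fmt in skipped_attributes(log_text):
        if (name, fmt) in have:
            continue  # stale log entry: a mapping has been added since
        # Reuse simple names as the id; otherwise leave a placeholder for the operator.
        local_id = name if re.fullmatch(r"[A-Za-z_][\w-]*", name) else "CHOOSE_ID"
        fmt_attr = f" nameFormat={quoteattr(fmt)}" if fmt else ""
        lines.append(f"<Attribute name={quoteattr(name)}{fmt_attr} id={quoteattr(local_id)}/>")
    return lines

if __name__ == "__main__":
    print("\n".join(suggest_mappings(SAMPLE_LOG, SAMPLE_MAP)))
```

Review each suggested line before adding it: every mapped attribute is passed on to the application, and the `id` is the name the application will see.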

