skipping unmapped SAML 2.0 Attribute with Name

Peter Schober peter.schober at
Thu Jul 16 10:43:31 UTC 2020

* VSK Manikanta <krishnamanikanta.v at> [2020-07-16 11:08]:

> When I`m logging into my application through the browser it gives It
> works! Statement.

Something like this?

That's just the "Apache2 Debian Default Page" (or "Apache2 Ubuntu
Default Page") that itself explains why it's there and how to replace
it with your own content.!%22+default+page

> but in Shibd.log getting as below INFO
> Shibboleth.AttributeExtractor.XML [1] [default]: skipping unmapped
> SAML 2.0 Attribute with Name: uid,
> Format:urn:oasis:names:tc:SAML:2.0:attrname-format:basic

Whatever the relation to your above observation, that also just means
what it says: the SAML IDP sent an attribute called "uid" with 'basic'
NameFormat and your SP is not configured to do anything with that.

The Fine Documentation explains how to do that, once you manage to
locate the right section:

So in this case you'd have to add a line with

<Attribute name="uid" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" id="uid"/>

into your SP's /etc/shibboleth/attribute-map.xml, anywhere within the
enclosing <Attributes> element that makes up the content of this file.
Then restart the SP.

> And the my application is not logged in and says time out

There could be a million reasons for that, but if the application
expects to recieve the "uid" attribute via whatever integration method
from your web server (via Shibboleth) then not mapping uid from SAML
to an internal attribute would be one part of the puzzle.


More information about the users mailing list