krishnamanikanta.v at gmail.com
Thu Jul 16 17:25:19 UTC 2020
Thank you for your response,
Skipping unmapped attribute error has been resolved and able to create
Shibboleth.SessionCache  [default]: new session created: ID
(_000b14694712c7b9c980b4cd9f70baa4) IdP (3nbhje3wo7et)
But problem now is,I am not able to login to my application, where error
states *The single sign on login cancelled*
Can you help in navigating this issue?
Thanks & Regards,
Krishnamanikanta.v at gmail.com
On Thu, Jul 16, 2020 at 6:32 PM Peter Schober <peter.schober at univie.ac.at>
> Please keep replies to the list. Community support for
> Free/Libre/OpenSource software doesn't work with private messages.
> * VSK Manikanta <krishnamanikanta.v at gmail.com> [2020-07-16 14:19]:
> > I have added the line that you have mentioned
> > line 16 <Attribute name="urn:oid:18.104.22.168" id="TeamcenterUserID" >
> > line 17 <Attribute name="TeamcenterUserID"
> > line 18 </Attribute>
> That's not correct and also doesn't make any sense. Why would you
> nest an Attribute with one name within an Attribute with another name?
> If you're unsure and the documentation doesn't help at least look at
> the default version of the file you're changing. That should
> illustrate how to have multiple 'Attribute' XML elements in there.
> Also, "urn:oid:22.214.171.124" is the standard name for surname, so I
> wouldn't change that definition. Unless the IDP is misconfiguired and
> actually sends "TeamcenterUserID" in the attribute meant for a
> person's surname. Weird and nonsensical, but technically possible.
> So move the 'Attribute' XML element for the "TeamcenterUserID" SAML
> attribute name to become a sibling to all the other 'Attribute' XML
> elements in that file, instead of as a child element of one of them:
> <Attribute name="urn:oid:126.96.36.199" id="TeamcenterUserID"/>
> <Attribute name="TeamcenterUserID"
> > I am using TeamcenterUserID as id earlier I was using uid
> You're free to do whatever you want, esp assigning whatever internal
> id to the attribute mapped from SAML as that will be private to the SP
> you're doing that on.
> But the 'name' XML attribute must match the SAML Attribute Name as
> sent on the wire. And from the log you shared earlier the IDP sends
> the "uid" attribute:
> > Shibboleth.AttributeExtractor.XML  [default]: skipping unmapped
> > SAML 2.0 Attribute with Name: uid,
> > Format:urn:oasis:names:tc:SAML:2.0:attrname-format:basic
> So unless the IDP now sends something else you'd still have to map the
> "uid" attribute to whatever internal id you prefer.
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users