Hello!
VSK Manikanta
krishnamanikanta.v at gmail.com
Thu Jul 16 17:25:19 UTC 2020
Hello Peter,
Thank you for your response,
The skipping unmapped attribute error has been resolved and I am able to
create a session:
Shibboleth.SessionCache [1] [default]: new session created: ID
(_000b14694712c7b9c980b4cd9f70baa4) IdP (3nbhje3wo7et)
Protocol(urn:oasis:names:tc:SAML:2.0:protocol) Address
(fe81::959b:7e7a:ba83:14v9)
But the problem now is, I am not able to log in to my application, where the
error states *The single sign on login cancelled*
Can you help in navigating this issue?
Thanks & Regards,
Krishna Manikanta
Krishnamanikanta.v at gmail.com
On Thu, Jul 16, 2020 at 6:32 PM Peter Schober <peter.schober at univie.ac.at>
wrote:
> Please keep replies to the list. Community support for
> Free/Libre/OpenSource software doesn't work with private messages.
>
> * VSK Manikanta <krishnamanikanta.v at gmail.com> [2020-07-16 14:19]:
> > I have added the line that you have mentioned
> >
> > line 16 <Attribute name="urn:oid:2.5.4.4" id="TeamcenterUserID" >
> > line 17 <Attribute name="TeamcenterUserID"
> >         nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
> >         id="TeamcenterUserID"/>
> > line 18 </Attribute>
>
> That's not correct and also doesn't make any sense. Why would you
> nest an Attribute with one name within an Attribute with another name?
> If you're unsure and the documentation doesn't help at least look at
> the default version of the file you're changing. That should
> illustrate how to have multiple 'Attribute' XML elements in there.
>
> Also, "urn:oid:2.5.4.4" is the standard name for surname, so I
> wouldn't change that definition. Unless the IDP is misconfigured and
> actually sends "TeamcenterUserID" in the attribute meant for a
> person's surname. Weird and nonsensical, but technically possible.
>
> So move the 'Attribute' XML element for the "TeamcenterUserID" SAML
> attribute name to become a sibling to all the other 'Attribute' XML
> elements in that file, instead of as a child element of one of them:
>
> <Attribute name="urn:oid:2.5.4.4" id="TeamcenterUserID"/>
> <Attribute name="TeamcenterUserID"
> nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
> id="TeamcenterUserID"/>
>
> > I am using TeamcenterUserID as id earlier I was using uid
>
> You're free to do whatever you want, esp assigning whatever internal
> id to the attribute mapped from SAML as that will be private to the SP
> you're doing that on.
> But the 'name' XML attribute must match the SAML Attribute Name as
> sent on the wire. And from the log you shared earlier the IDP sends
> the "uid" attribute:
>
> > Shibboleth.AttributeExtractor.XML [1] [default]: skipping unmapped
> > SAML 2.0 Attribute with Name: uid,
> > Format:urn:oasis:names:tc:SAML:2.0:attrname-format:basic
>
> So unless the IDP now sends something else you'd still have to map the
> "uid" attribute to whatever internal id you prefer.
>
> -peter
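Added example (not part of the original thread and not Shibboleth project code): a small Python check for the two problems discussed above, a nested 'Attribute' element in the SP's attribute map and a SAML attribute name that the log reports as unmapped. The function name `check_map`, the sample map, the timestamp prefix on the log line, and the treatment of an omitted `nameFormat` as the SAML 2.0 URI format are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

NS = "{urn:mace:shibboleth:2.0:attribute-map}"
# Assumption: a mapping without nameFormat is compared as the SAML 2.0 URI format.
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
UNMAPPED = re.compile(
    r"skipping unmapped SAML 2\.0 Attribute with Name: ([^,\s]+)"
    r"(?:,\s*Format:\s*(\S+))?")

# Constructed sample: the nested mapping quoted in the thread, in a minimal map.
SAMPLE_MAP = """<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map">
  <Attribute name="urn:oid:2.5.4.4" id="TeamcenterUserID">
    <Attribute name="TeamcenterUserID"
               nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
               id="TeamcenterUserID"/>
  </Attribute>
</Attributes>"""

# Log message from the thread; the timestamp and level prefix are constructed.
SAMPLE_LOG = (
    "2020-07-16 14:00:00 INFO Shibboleth.AttributeExtractor.XML [1] [default]: "
    "skipping unmapped SAML 2.0 Attribute with Name: uid, "
    "Format:urn:oasis:names:tc:SAML:2.0:attrname-format:basic\n")


def check_map(map_xml, log_text):
    """Return (nested, unmapped).

    nested:   names of 'Attribute' elements found inside another 'Attribute'
    unmapped: (name, format) pairs the log reports that no top-level
              'Attribute' element maps
    """
    root = ET.fromstring(map_xml)
    top = root.findall(NS + "Attribute")  # direct children only
    mapped = {(a.get("name"), a.get("nameFormat", URI_FORMAT)) for a in top}
    nested = [c.get("name") for a in top
              for c in a.iter(NS + "Attribute") if c is not a]
    unmapped = []
    for name, fmt in UNMAPPED.findall(log_text):
        key = (name, fmt or URI_FORMAT)
        if key not in mapped and key not in unmapped:
            unmapped.append(key)
    return nested, unmapped


if __name__ == "__main__":
    print(check_map(SAMPLE_MAP, SAMPLE_LOG))
```
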