skipping unmapped SAML 2.0 Attribute with Name

VSK Manikanta krishnamanikanta.v at gmail.com
Tue Jul 28 16:59:18 UTC 2020 

Hello,

Shibboleth is configured with RSA and configuration is successful.
When I`m calling my application, Shibboleth routing to authentication where
authentication in RSA is getting successful and the browser says "it works"
and stops there but it should route back to the final url (Highlighted
below).

Can anyone help me out, how to direct to final URL from Shibboleth


DEBUG - 2020/07/28-16:44:21.907 UTC - [16]
AbstractResourceLookupService:getBundle(-1): ResourceLookupService got
bundle from cache com.teamcenter.SessionAgent.text.TextBundle_en_US
DEBUG - 2020/07/28-16:44:22.704 UTC - [23]
TcSSCommonHttpSessionHandler:getSession(-1): Pinging Login Service
</tcLoginService/weblogin/home>
DEBUG - 2020/07/28-16:44:22.813 UTC - [23]
TcSSCommonHttpSessionHandler:getSession(-1): No exception after pinging
</tcLoginService/weblogin/home>
DEBUG - 2020/07/28-16:44:22.813 UTC - [23]
TcSSCommonHttpSessionHandler:getSession(-1): Response: 200
INFO  - 2020/07/28-16:44:22.813 UTC - [23]
TcSSCommonHttpSessionHandler:getSession(-1): AUTHENTICATED flag is null
DEBUG - 2020/07/28-16:44:22.813 UTC - [23]
TcSSCommonHttpSessionHandler:getSession(-1): finalURI: *
http://houtmctrwap01.vitro.com:8081/tcLoginService/weblogin/login_redirect?TCSSORURI=/AgentRequest/AppToken&session_agent_url=http://localhost:62593/AgentRequest/AppToken&session_agent_id=8036424e-a1df-4af8-bf9b-8df08d4555aa&PUBLICKEY=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY-Wlac7LGZOJPikbhTLvhfBAacMkqsH2FdRPRQeWI9ZHf1c9sxh54VtY51xJn-UAhs2zxoLCGbe_zDYTtVrLpgFJMp83OaDE5lqYUTsSeUk_689s7nkyMFQUVqoAtvX3i4O2Q8MTsUs6wfo80gbrL2-3gtgD4kWSp4yTzFo-1EQIDAQAB&TCSSOAPPID=TCSSOLoginService
<http://houtmctrwap01.vitro.com:8081/tcLoginService/weblogin/login_redirect?TCSSORURI=/AgentRequest/AppToken&session_agent_url=http://localhost:62593/AgentRequest/AppToken&session_agent_id=8036424e-a1df-4af8-bf9b-8df08d4555aa&PUBLICKEY=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY-Wlac7LGZOJPikbhTLvhfBAacMkqsH2FdRPRQeWI9ZHf1c9sxh54VtY51xJn-UAhs2zxoLCGbe_zDYTtVrLpgFJMp83OaDE5lqYUTsSeUk_689s7nkyMFQUVqoAtvX3i4O2Q8MTsUs6wfo80gbrL2-3gtgD4kWSp4yTzFo-1EQIDAQAB&TCSSOAPPID=TCSSOLoginService>*
INFO  - 2020/07/28-16:44:22.829 UTC - [23]
TcSSCommonHttpSessionHandler:getSession(-1): Browser process:
 java.lang.ProcessImpl at 22ef4171
INFO  - 2020/07/28-16:44:22.829 UTC - [23] OsUtil:getHardTimeout(-1): Hard
Timeout value 150
INFO  - 2020/07/28-16:46:52.839 UTC - [23]
TcSSCommonHttpSessionHandler:getSession(-1): User cancelled Login attempt
INFO  - 2020/07/28-16:46:52.839 UTC - [23] TcSSSessionHandler:execute(-1):
SSOLoginCancelledException: User cancelled Login attempt



Thanks & Regards,
Sree Krishna Manikanta


On Thu, Jul 16, 2020 at 4:13 PM Peter Schober <peter.schober at univie.ac.at>
wrote:

> * VSK Manikanta <krishnamanikanta.v at gmail.com> [2020-07-16 11:08]:
>
> > When I`m logging into my application through the browser it gives It
> > works! Statement.
>
> Something like this? https://webwork.math.arizona.edu/
>
> That's just the "Apache2 Debian Default Page" (or "Apache2 Ubuntu
> Default Page") that itself explains why it's there and how to replace
> it with your own content.
>
> https://duckduckgo.com/?q=%22It+works!%22+default+page
>
> > but in Shibd.log getting as below INFO
> > Shibboleth.AttributeExtractor.XML [1] [default]: skipping unmapped
> > SAML 2.0 Attribute with Name: uid,
> > Format:urn:oasis:names:tc:SAML:2.0:attrname-format:basic
>
> Whatever the relation to your above observation, that also just means
> what it says: the SAML IDP sent an attribute called "uid" with 'basic'
> NameFormat and your SP is not configured to do anything with that.
>
> The Fine Documentation explains how to do that, once you manage to
> locate the right section:
>
> https://wiki.shibboleth.net/confluence/display/SP3/XMLAttributeExtractorExamples#XMLAttributeExtractorExamples-HackyNaming
>
> So in this case you'd have to add a line with
>
> <Attribute name="uid"
> nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" id="uid"/>
>
> into your SP's /etc/shibboleth/attribute-map.xml, anywhere within the
> enclosing <Attributes> element that makes up the content of this file.
> Then restart the SP.
>
> > And the my application is not logged in and says time out
>
> There could be a million reasons for that, but if the application
> expects to recieve the "uid" attribute via whatever integration method
> from your web server (via Shibboleth) then not mapping uid from SAML
> to an internal attribute would be one part of the puzzle.
>
> -peter
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200728/1d56371b/attachment.htm>

More information about the users mailing list