saml2 response missing <saml2:Subject> tag

Pablo Vidaurri psvidaurri at gmail.com
Mon Mar 30 09:25:37 EDT 2020


There is nothing unusual in the logs except for the following for SP's
whose metadata has NameId as unspecified:
Ignoring NameIDFormat metadata that includes the 'unspecified' format.

Using Firefox's saml tracer, the saml response has no subject tag in it
unless it is part of the encoded EncryptedData tag.

I did update c14n/attribute-sourced-subject-c14n-config.xml to use uid as
the attribute to use (default altuid) and I am releasing uid in attr
resolver/filter but still no subject tag in the response.

To clarify, in op I mentioned errors on the saml response. It is the SP that
is saying they are getting errors on their end while processing the saml
response. The response does contain a successful status and
encryptedAssertion tag:

<saml2p:Status>
  <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</saml2p:Status>

-psv

On Mon, Mar 30, 2020 at 7:20 AM Cantor, Scott <cantor.2 at osu.edu> wrote:

> > Hi, I'm using shib idp 3.4.6. I have several sp's working fine. We are bringing in
> > a new SP but getting errors on the saml response. They are claiming the issue is
> > due to lack of <saml2:Subject> in the response. How is this tag enabled and
> > configured in shib?
>
> There is nothing the IdP would generate without a Subject element unless
> it were an error response.
>
> Did you check the logs with appropriate tracing on to confirm this?
>
> -- Scott


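Added example, not part of the thread or of Shibboleth: a check of what is observable in a SAML response captured in the browser, which separates an assertion that really lacks a Subject from one whose Subject sits inside an EncryptedAssertion. It assumes the input is the base64 value of the SAMLResponse form field (HTTP-POST binding); the function names and sample messages are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def inspect_saml_response(b64_response):
    """Report what an observer without the SP's private key can see in a SAMLResponse."""
    xml_bytes = base64.b64decode(b64_response)
    # The message is untrusted XML even in a diagnostic: refuse DTDs outright.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in SAML message")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % NS["saml2p"]:
        raise ValueError("root element is not saml2p:Response")
    code = root.find("saml2p:Status/saml2p:StatusCode", NS)
    plain = root.findall("saml2:Assertion", NS)
    encrypted = root.findall("saml2:EncryptedAssertion", NS)
    subjects = [s for s in (a.find("saml2:Subject", NS) for a in plain) if s is not None]
    name_ids = [n for n in (s.find("saml2:NameID", NS) for s in subjects) if n is not None]
    if plain and len(subjects) < len(plain):
        verdict = "subject-missing"         # readable assertion really lacks a Subject
    elif plain:
        verdict = "subject-present"
    elif encrypted:
        verdict = "subject-not-observable"  # hidden inside xenc:EncryptedData
    else:
        verdict = "no-assertion"            # e.g. an error response
    return {"status_success": code is not None and code.get("Value") == SUCCESS,
            "plain_assertions": len(plain),
            "encrypted_assertions": len(encrypted),
            "name_id_formats": [n.get("Format") for n in name_ids],
            "verdict": verdict}

def wrap_sample(body):
    """Build a constructed sample Response around the given assertion markup."""
    xml = ('<saml2p:Response xmlns:saml2p="%s" xmlns:saml2="%s">'
           '<saml2p:Status><saml2p:StatusCode Value="%s"/></saml2p:Status>%s'
           '</saml2p:Response>' % (NS["saml2p"], NS["saml2"], SUCCESS, body))
    return base64.b64encode(xml.encode()).decode()

# Constructed samples (not taken from the thread); the ciphertext is a placeholder.
ENCRYPTED_SAMPLE = wrap_sample('<saml2:EncryptedAssertion><xenc:EncryptedData '
                               'xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>'
                               '</saml2:EncryptedAssertion>')
PLAIN_SAMPLE = wrap_sample('<saml2:Assertion><saml2:Subject><saml2:NameID Format='
                           '"urn:oasis:names:tc:SAML:2.0:nameid-format:transient">x</saml2:NameID>'
                           '</saml2:Subject></saml2:Assertion>')
```

A verdict of `subject-not-observable` means the browser capture cannot settle the question either way; the IdP's own logs or the SP's decrypted view are the places to look.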