IDP 4 attribute release issue

Beytrison Olivier olivier.beytrison at hefr.ch
Fri Nov 20 14:45:14 UTC 2020 

So finally I think I found the error responsible for the missing attributes in the assertion :

2020-11-20 15:38:11,312 - 160.98.240.145 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAttributeStatementToAssertion:184] - Profile Action AddAttributeStatementToAssertion: Attempting to encode attribute email as a SAML 2 Attribute
2020-11-20 15:38:11,312 - 160.98.240.145 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:321] - Profile Action AddAttributeStatementToAssertion: Attribute email does not have any transcoding rules, nothing to do
2020-11-20 15:38:11,312 - 160.98.240.145 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAttributeStatementToAssertion:188] - Profile Action AddAttributeStatementToAssertion: Attribute email did not have SAML 2 Attribute transcoder instructions associated, nothing to do

And just before, the Filter leaves one value for email :
2020-11-20 15:38:11,294 - 160.98.240.145 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:178] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'email' remained after filtering

How should I fix this ? :)

Thanks!
O.B.

-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Beytrison Olivier
Sent: vendredi, 20 novembre 2020 15:34
To: users at shibboleth.net
Subject: IDP 4 attribute release issue

Hello,

I'm currently working on migrating our Shibboleth (Switch-AAI) IDP from 3.2 to 4.0.1.
I'm facing a very last issue for which I can't find any reason.

I'm logging on the AAI Attributes viewer tool to see if all attributes are released and present in the assertion.
I can successfully log in on the IDP. I get all the required attributes displayed in the user content dialog.
But on the SP and in the assertion, only half of them are presents.

I don't get any error in the the debug logs during the attribute resolver/release phase. So I guess something weird happen between the consent being accepted and the asssertion being sent.

Any idea where I should look for ?


Thanks,
Regards,
Olivier B.
--------------------------------------------------------------------
Olivier Beytrison                                   HES-SO//Fribourg
System Architect

More information about the users mailing list