IDP 4 attribute release issue
olivier.beytrison at hefr.ch
Fri Nov 20 14:45:14 UTC 2020
So finally I think I found the error responsible for the missing attributes in the assertion :
2020-11-20 15:38:11,312 - 22.214.171.124 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAttributeStatementToAssertion:184] - Profile Action AddAttributeStatementToAssertion: Attempting to encode attribute email as a SAML 2 Attribute
2020-11-20 15:38:11,312 - 126.96.36.199 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:321] - Profile Action AddAttributeStatementToAssertion: Attribute email does not have any transcoding rules, nothing to do
2020-11-20 15:38:11,312 - 188.8.131.52 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAttributeStatementToAssertion:188] - Profile Action AddAttributeStatementToAssertion: Attribute email did not have SAML 2 Attribute transcoder instructions associated, nothing to do
And just before, the Filter leaves one value for email :
2020-11-20 15:38:11,294 - 184.108.40.206 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:178] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'email' remained after filtering
How should I fix this ? :)
From: users <users-bounces at shibboleth.net> On Behalf Of Beytrison Olivier
Sent: vendredi, 20 novembre 2020 15:34
To: users at shibboleth.net
Subject: IDP 4 attribute release issue
I'm currently working on migrating our Shibboleth (Switch-AAI) IDP from 3.2 to 4.0.1.
I'm facing a very last issue for which I can't find any reason.
I'm logging on the AAI Attributes viewer tool to see if all attributes are released and present in the assertion.
I can successfully log in on the IDP. I get all the required attributes displayed in the user content dialog.
But on the SP and in the assertion, only half of them are presents.
I don't get any error in the the debug logs during the attribute resolver/release phase. So I guess something weird happen between the consent being accepted and the asssertion being sent.
Any idea where I should look for ?
Olivier Beytrison HES-SO//Fribourg
More information about the users