SAML Proxying - KB article referencing files that don't exist in a clean install of v4.1.4
Anthony K
ak.shib at anroet.com
Wed Aug 4 08:02:14 UTC 2021
On 4/8/21 4:30 pm, Anthony K wrote:
> On 2/8/21 8:06 pm, Ian Young wrote:
>>
>>
>>> On 2021-08-02, at 10:56, Ian Young <ian at iay.org.uk <mailto:ian at iay.org.uk>> wrote:
>>>
>>> The documentation covers both 4.0 and 4.1. You need to be careful that you're reading the sections applicable to the version you're installing.
>>
>> Sorry, I got ahead of myself somehow. The KB page you referenced is indeed a little out of date and won't work for 4.1. I've changed it to say that it only applies to 4.0; someone more familiar with the system would need to update it properly.
>>
>> The page I quoted from is: https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1282539600/SAMLAuthnConfiguration <https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1282539600/SAMLAuthnConfiguration>
>> It covers both versions.
>>
>> -- Ian
>
> Thanks Ian. I'm nearly there but not quite.
>
> Using the new URL you provided [0], There is also mention of files that do not exist in v4.1.4 IdP - such as [1] and [2].
>
> I've attempted to add what is mentioned at [3] into [4] but c14n is failing with:
>
> Profile Action AttributeSourcedSubjectCanonicalization: No attributes found, canonicalization not possible
>
> I have turned logging way up and it is producing an enormous amount of data - I don't think it's appropriate to post the log in its entirety in an email. Let me know what settings for logback.xml are appropriate so I can post here and potentially resolve this much sooner. Alternatively, I could post on pastebin if that is a preferred option.
>
> This is my first foray into SAML Proxying to another IdP - I feel like I'm missing something fundamental.
>
> Regards,
> ak.
>
>
> [0]: https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1282539600/SAMLAuthnConfiguration
> [1]: conf/authn/saml-authn-config.xml ### not sure I need this ###
> [2]: attribute-sourced-subject-c14n-config.xml ### should it be [4] ###
> [3]: https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1282539600/SAMLAuthnConfiguration#attribute-sourced-subject-c14n-config.xml
> [4]: conf/c14n/subject-c14n.xml
>
Never mind Ian, it's all sorted now. And yes, I had to plug instructions at [3] into [4] being that [2] is non-existent on v4.1.4.
I just might write up a blog somewhere to help the next poor soul that, like me, tend to rely too heavily on the Shibboleth documentation not knowing that some tidbits are not explicitly mentioned in the docs but are implied in the configuration files.
Cheers,
ak.
More information about the users
mailing list