OIDC config issue

Mohamed Lrhazi lrhazi at cua.edu
Fri Aug 27 21:07:22 UTC 2021


Hello,

With the below stanzas in my attribute-filter.xml, my tests with RP
example.com fail with error:
Unable to produce a viable 'sub' claim

If I comment out or remove the second AttributeFilterPolicy
(id="rokmetro.com") example.com RP starts working fine!!!!

What am I doing wrong?



<AttributeFilterPolicy id="example.com">
    <PolicyRequirementRule xsi:type="AND">
        <Rule xsi:type="Requester" value="example.com" />
        <Rule xsi:type="oidc:OIDCScope" value="openid" />
    </PolicyRequirementRule>
    <AttributeRule attributeID="subject">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="rokmetro_EMPLID">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
</AttributeFilterPolicy>

<AttributeFilterPolicy id="rokmetro.com">
    <PolicyRequirementRule xsi:type="AND">
        <Rule xsi:type="Requester" value="rokmetro.com" />
        <Rule xsi:type="oid:OIDCScope" value="openid" />
    </PolicyRequirementRule>
    <AttributeRule attributeID="subject">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
    <AttributeRule attributeID="rokmetro_EMPLID">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
</AttributeFilterPolicy>
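
Added example, not part of the original post and not Shibboleth code: the two stanzas above differ in the prefix on the OIDCScope rule's xsi:type (oidc: versus oid:), and this Python check lists every xsi:type in a filter file whose prefix has no xmlns declaration in scope. The root element and the oidc namespace URI in the sample are constructed, since the post does not show them.

```python
import io
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: the post's two PolicyRequirementRules inside an assumed
# root element; the oidc namespace URI is a placeholder, not taken from the post.
SAMPLE = """<AttributeFilterPolicyGroup id="constructed"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:oidc="urn:example:placeholder-oidc-filter-namespace"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeFilterPolicy id="example.com">
    <PolicyRequirementRule xsi:type="AND">
      <Rule xsi:type="Requester" value="example.com" />
      <Rule xsi:type="oidc:OIDCScope" value="openid" />
    </PolicyRequirementRule>
  </AttributeFilterPolicy>
  <AttributeFilterPolicy id="rokmetro.com">
    <PolicyRequirementRule xsi:type="AND">
      <Rule xsi:type="Requester" value="rokmetro.com" />
      <Rule xsi:type="oid:OIDCScope" value="openid" />
    </PolicyRequirementRule>
  </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>"""

def unbound_xsi_types(xml_text):
    """Return (policy id, xsi:type value) pairs whose prefix is not declared."""
    bound = []      # stack of prefixes declared by the enclosing elements
    policy = None   # id of the most recent AttributeFilterPolicy seen
    findings = []
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, data in ET.iterparse(source, events=("start-ns", "end-ns", "start")):
        if event == "start-ns":
            bound.append(data[0])          # data is (prefix, uri)
        elif event == "end-ns":
            bound.pop()
        else:
            if data.tag.rsplit("}", 1)[-1] == "AttributeFilterPolicy":
                policy = data.get("id")
            qname = data.get(XSI_TYPE)
            # Unprefixed values (AND, Requester, ANY) use the default namespace.
            if qname and ":" in qname and qname.split(":", 1)[0] not in bound:
                findings.append((policy, qname))
    return findings

if __name__ == "__main__":
    for policy_id, value in unbound_xsi_types(SAMPLE):
        print(f"policy {policy_id!r}: xsi:type {value!r} uses an undeclared prefix")
```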