OIDC config issue
Mohamed Lrhazi
lrhazi at cua.edu
Fri Aug 27 21:17:38 UTC 2021
Oh! Sorry, a missing "c" in xsi:type="oid:OIDCScope"
On Fri, Aug 27, 2021 at 5:07 PM Mohamed Lrhazi <lrhazi at cua.edu> wrote:
> Hello,
>
> With the below stanzas in my attribute-filter.xml, my tests with RP
> example.com fail with error:
> Unable to produce a viable 'sub' claim
>
> If I comment out or remove the second AttributeFilterPolicy (id="
> rokmetro.com") example.com RP starts working fine!!!!
>
> What am I doing wrong?
>
>
>
> <AttributeFilterPolicy id="example.com">
> <PolicyRequirementRule xsi:type="AND">
> <Rule xsi:type="Requester" value="example.com" />
> <Rule xsi:type="oidc:OIDCScope" value="openid" />
> </PolicyRequirementRule>
> <AttributeRule attributeID="subject">
> <PermitValueRule xsi:type="ANY" />
> </AttributeRule>
> <AttributeRule attributeID="rokmetro_EMPLID">
> <PermitValueRule xsi:type="ANY" />
> </AttributeRule>
> </AttributeFilterPolicy>
>
> <AttributeFilterPolicy id="rokmetro.com">
> <PolicyRequirementRule xsi:type="AND">
> <Rule xsi:type="Requester" value="rokmetro.com" />
> <Rule xsi:type="oid:OIDCScope" value="openid" />
> </PolicyRequirementRule>
> <AttributeRule attributeID="subject">
> <PermitValueRule xsi:type="ANY" />
> </AttributeRule>
> <AttributeRule attributeID="rokmetro_EMPLID">
> <PermitValueRule xsi:type="ANY" />
> </AttributeRule>
> </AttributeFilterPolicy>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210827/c48e136e/attachment.htm>
More information about the users
mailing list