Fwd: Installing Shibboleth idp3 with hubspot as sp: Getting Saml response status code InvalidNameIDPolicy

Youssef Ait Laydi youssef.aitlaydi at gmail.com
Sat Jun 5 20:23:24 UTC 2021


Yes I use external authentication but I put just principal name into
request attribute like:
request.setAttribute(ExternalAuthentication.PRINCIPAL_NAME_KEY, username);
through documentation, I will need subject canonicalization if I use a
Subject as authentication result

Am Sa., 5. Juni 2021 um 00:02 Uhr schrieb Peter Schober <
peter.schober at univie.ac.at>:

> * Youssef Ait Laydi <youssef.aitlaydi at gmail.com> [2021-06-04 23:21]:
> > <AttributeDefinition id="mail" xsi:type="PrincipalName">
> > <AttributeEncoder xsi:type="SAML1String"
> > name="urn:mace:dir:attribute-def:mail" />        <AttributeEncoder
> > xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
> > friendlyName="mail" />    </AttributeDefinition>
>
> I don't think (and your logs confirm) that this isn't sufficient to
> get at the value from your external authentication mechanism.
>
> > And this configuration on *relying-party.xml*
>
> There's not need to override the nameIDFormatPrecedence when the
> metadata for the SP already specifies the desired NameIDFormat.
> (If in doubt see the Format selection part of the IDP documentation.)
>
> > I don't know how to get attributeSourceIds?
>
> Well, you managed to create your own external authentication method so
> I guess you'll just have to continue reading the documentation to
> learn about subject canonicalization and then how to pull the desired
> info into an attribute in your resolver.
>
> > WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:93] - Relay
> state
> > exceeds 80 bytes: {"loginEmail":"test_sso at example.com
> > ","loginType":"CONFIRMATION","redirect":"
> > https://app.hubspot.com/settings-sso-confirm","rememberLogin":false}
>
> I have no idea what exaclty is the value of your RelayState from the
> line above but you can as far as "Relay state exceeds 80 bytes" goes
> you can ignore it.
>
> -peter
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>


-- 
Software Engineer
Oracle Certified Professional Java SE 6 Programmer
Tel: 0674-931593
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20210605/39568304/attachment.htm>


More information about the users mailing list