Issue with upgrade 3.3 to 4.1 no attributes released

Powell, Keith A PowellKeithA at uams.edu
Wed Nov 10 19:45:49 UTC 2021 

Also, I do see this error when there is an attempt to reach https://sdauth.sciencedirect.com/:
2021-11-10 13:27:52,960 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:88] - Decoded SAML relay state of: null
2021-11-10 13:27:52,961 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:117] - Getting Base64 encoded message from request
2021-11-10 13:27:52,961 - ERROR [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:124] - Request did not contain either a SAMLRequest or SAMLResponse paramter.  Invalid request for SAML 2 HTTP POST binding.
2021-11-10 13:27:52,961 - ERROR [org.opensaml.profile.action.impl.DecodeMessage:73] - Profile Action DecodeMessage: Unable to decode incoming request
org.opensaml.messaging.decoder.MessageDecodingException: No SAML message present in request
        at org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder.getBase64DecodedMessage(HTTPPostDecoder.java:126)
2021-11-10 13:27:52,962 - WARN [org.opensaml.profile.action.impl.LogEvent:101] - A non-proceed event occurred while processing the request: UnableToDecode
2021-11-10 13:27:52,962 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:142] - No SAMLBindingContext or binding URI available, error must be handled locally

I personal went to the URL and this is reported as the error:

shibsp::ConfigurationException at (https://sdauth.sciencedirect.com/)

None of the configured SessionInitiators handled the request.

Thanks,
Keith

From: users <users-bounces at shibboleth.net> On Behalf Of Powell, Keith A
Sent: Wednesday, November 10, 2021 1:25 PM
To: users at shibboleth.net
Subject: Issue with upgrade 3.3 to 4.1 no attributes released

I am not getting any warnings nor errors in the idp-process.log. Everything appears to be going fine with the browser login process and we reach the attribute release consent form that is populated with released attributes, and then when the user clicks on the consent, that is when things stop working as expected.

In the logs: authentication to ldap works, I can see attributes being setup by the IDP and send that back to the SP, but the SP logs show no attributes made it to them.

We have a CAS SP and get this:
“’clientAction’ of flow ‘login’ – action attributes were ‘map[[empty]]’]

This was upgraded from a working IDP 3.3. I have combed over the config and property files and cannot figure out where this is breaking down.
Can someone point me at what sort of things I should be looking at on the IDP?

________________________________
Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20211110/851af82b/attachment.htm>

More information about the users mailing list