Resolving attributes from a SAML proxy
Wessel, Keith
kwessel at illinois.edu
Fri Oct 8 19:01:49 UTC 2021
No need to put that debug statement in. I've got net.shibboleth.idp currently set to debug, and the log already contains:
2021-10-08 12:48:12,668 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.Validat
eSAMLAuthentication:427] - Profile Action ValidateSAMLAuthentication: Incoming SAML Attributes mapped to attribute IDs: [uid, adfsProxyAuthnMethod]
That's before the warning that I sent earlier. So, the attribute's definitely getting resolved.
Keith
-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Friday, October 8, 2021 1:58 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Resolving attributes from a SAML proxy
You do need to make sure it actually decoded that Attribute. Is there a DEBUG statement in the log of the form:
log.debug("{} Incoming SAML Attributes mapped to attribute IDs: {}", getLogPrefix(), mapped.keySet());
?
That should log all the names of the attributes it decodes. If that includes anything, the AttributeContext should be there. If not, it's still not decoding anything.
-- Scott
--
For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!DZ3fjg!qNI446EB1EYAXKtxPFFcc3-_jMWMh01VxggFCC3KQfwaOxc0AGZrxPJlv1BY3YPWPQ$
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list