Resolving attributes from a SAML proxy

Wessel, Keith kwessel at illinois.edu
Fri Oct 8 19:01:49 UTC 2021


No need to put that debug statement in. I've got net.shibboleth.idp currently set to debug, and the log already contains:

2021-10-08 12:48:12,668 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.Validat
eSAMLAuthentication:427] - Profile Action ValidateSAMLAuthentication: Incoming SAML Attributes mapped to attribute IDs: [uid, adfsProxyAuthnMethod]

That's before the warning that I sent earlier. So, the attribute's definitely getting resolved.

Keith


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Friday, October 8, 2021 1:58 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Resolving attributes from a SAML proxy

You do need to make sure it actually decoded that Attribute. Is there a DEBUG statement in the log of the form:

        log.debug("{} Incoming SAML Attributes mapped to attribute IDs: {}", getLogPrefix(), mapped.keySet());

?

That should log all the names of the attributes it decodes. If that includes anything, the AttributeContext should be there. If not, it's still not decoding anything.

-- Scott


-- 
For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!DZ3fjg!qNI446EB1EYAXKtxPFFcc3-_jMWMh01VxggFCC3KQfwaOxc0AGZrxPJlv1BY3YPWPQ$ 
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net


More information about the users mailing list