Resolving attributes from a SAML proxy

Wessel, Keith kwessel at
Fri Oct 8 19:01:49 UTC 2021

No need to put that debug statement in. I've got net.shibboleth.idp currently set to debug, and the log already contains:

2021-10-08 12:48:12,668 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.Validat
eSAMLAuthentication:427] - Profile Action ValidateSAMLAuthentication: Incoming SAML Attributes mapped to attribute IDs: [uid, adfsProxyAuthnMethod]

That's before the warning that I sent earlier. So, the attribute's definitely getting resolved.


-----Original Message-----
From: users <users-bounces at> On Behalf Of Cantor, Scott
Sent: Friday, October 8, 2021 1:58 PM
To: Shib Users <users at>
Subject: Re: Resolving attributes from a SAML proxy

You do need to make sure it actually decoded that Attribute. Is there a DEBUG statement in the log of the form:

        log.debug("{} Incoming SAML Attributes mapped to attribute IDs: {}", getLogPrefix(), mapped.keySet());


That should log all the names of the attributes it decodes. If that includes anything, the AttributeContext should be there. If not, it's still not decoding anything.

-- Scott

For Consortium Member technical support, see;!!DZ3fjg!qNI446EB1EYAXKtxPFFcc3-_jMWMh01VxggFCC3KQfwaOxc0AGZrxPJlv1BY3YPWPQ$ 
To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list