Configure eduPersonTargetedID shibboleth Idp windows 3.4

Aisha Al Fudhaili aisha at omren.om
Fri Sep 24 09:07:49 UTC 2021


The data connector is working now without any error, but the Pairwise-ID has no value ☹. What did I do wrong?



    <saml2:Subject>
        <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://idp.omren.om/idp" SPNameQualifier="https://monitor.eduroam.org/sp/module.php/saml/sp/metadata.php/default-sp">AAdzZWNyZXQxJ7TOkhA2wH13lzJmKhNYHtaQQ3o74SjG7OoQBEwWSBwKZikA3Lbeb/tKyrVn2V83gGKJc/Hj86rC5qV/RCrP7Sv/qu9NP+11gPv3a2Mo54cKG7Un5IWhBpTlJvHPKAdxtJBboLsA9GLGjVGxW58VDQfxL/VpCGLM2uQYtr3P3IoVOWrH</saml2:NameID>
    </saml2:Subject>
    <saml2:AttributeStatement>
        <saml2:Attribute FriendlyName="uid" Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue>aisha</saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="eduPersonScopedAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue>member@idp.omren.om</saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue>aisha@idp.omren.om</saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="eduPersonPrincipalName" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue>aisha@idp.omren.om</saml2:AttributeValue>
        </saml2:Attribute>
    </saml2:AttributeStatement>
</saml2:Assertion>

-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Peter Schober
Sent: Thursday, September 23, 2021 3:50 PM
To: users at shibboleth.net
Subject: Re: Configure eduPersonTargetedID shibboleth Idp windows 3.4

* Aisha Al Fudhaili <aisha at omren.om> [2021-09-23 11:40]:
> Caused by: javax.naming.AuthenticationException: [LDAP: error code 49
> - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext 
> error, data 52e, v4563 ]

LDAP code 49 means "invalidCredentials", as per
https://datatracker.ietf.org/doc/html/rfc4511#section-4.1.9

And according to
https://ldapwiki.com/wiki/Common%20Active%20Directory%20Bind%20Errors
"52e" means that:
"username is valid but password/credential is invalid".

So it seems to me your LDAP configuration (in ldap.properties) is wrong.
But if that were the case nothing (needing LDAP) in the IDP would ever work?

-peter
--
For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
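The assertion posted at the top of this message carries the four OID-named attributes but nothing usable for pairwise-id. As an added example (not from this thread or the Shibboleth project), the Python check below parses an assertion and reports each expected attribute as missing, empty or scoped to the wrong domain; the pairwise-id attribute Name is the one defined by the OASIS SAML Subject Identifier Attributes profile, and SAMPLE is a constructed assertion modelled on the posted one with an empty pairwise-id value.

```python
"""Check a SAML 2.0 assertion for the attributes an SP expects.  Added example
for this thread, not Shibboleth project code.  SAMPLE is a constructed assertion
modelled on the one posted above, with an empty pairwise-id attribute."""
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Friendly name -> SAML attribute Name.  The first four appear in the posted
# assertion; the pairwise-id Name is the one the OASIS SAML Subject Identifier
# Attributes profile defines, and it is the attribute that came back empty.
EXPECTED = {
    "uid": "urn:oid:0.9.2342.19200300.100.1.1",
    "eduPersonScopedAffiliation": "urn:oid:1.3.6.1.4.1.5923.1.1.1.9",
    "mail": "urn:oid:0.9.2342.19200300.100.1.3",
    "eduPersonPrincipalName": "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
    "pairwise-id": "urn:oasis:names:tc:SAML:attribute:pairwise-id",
}
# Values of these must carry the IdP's scope after the '@'.
SCOPED = {"eduPersonScopedAffiliation", "eduPersonPrincipalName", "pairwise-id"}

PAIRWISE_EMPTY = ('<saml2:Attribute Name="urn:oasis:names:tc:SAML:attribute:pairwise-id">'
                  '<saml2:AttributeValue></saml2:AttributeValue></saml2:Attribute>')
SAMPLE = f"""<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml2:AttributeStatement>
  <saml2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1"><saml2:AttributeValue>aisha</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9"><saml2:AttributeValue>member@idp.omren.om</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"><saml2:AttributeValue>aisha@idp.omren.om</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"><saml2:AttributeValue>aisha@idp.omren.om</saml2:AttributeValue></saml2:Attribute>
  {PAIRWISE_EMPTY}
 </saml2:AttributeStatement>
</saml2:Assertion>"""

def check_assertion(xml_text, expected_scope):
    """Return {friendly_name: problem} for each expected attribute that is
    missing, has no non-empty value, or carries a scope other than expected_scope."""
    root = ET.fromstring(xml_text)
    values = {}
    for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", NS):
        texts = [(v.text or "").strip() for v in attr.findall("saml2:AttributeValue", NS)]
        values[attr.get("Name")] = [t for t in texts if t]
    problems = {}
    for friendly, name in EXPECTED.items():
        vals = values.get(name)
        if vals is None:
            problems[friendly] = "missing"
        elif not vals:
            problems[friendly] = "empty"
        elif friendly in SCOPED and any(v.rpartition("@")[2] != expected_scope for v in vals):
            problems[friendly] = "wrong scope"
    return problems
```

Running `check_assertion(SAMPLE, "idp.omren.om")` on the constructed sample reports only `pairwise-id` as empty; an assertion with the element absent is reported as missing instead, which is the distinction to look for in the IdP's resolver and filter configuration.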
