Shib IdP Proxying to another IdP help

Cantor, Scott cantor.2 at osu.edu
Tue Feb 22 18:18:54 UTC 2022


On 2/22/22, 1:15 PM, "users on behalf of Brent Goebel" <users-bounces at shibboleth.net on behalf of Brent.Goebel at du.edu> wrote:

>    My apologies, I forgot to provide what I see in the logs. I'm seeing the "No transcoding rule for Attribute"
> show up for each attribute that is set in the attribute filter for IdP-NEW. It appears to be that second
> possibility you mentioned, Scott regarding the "decoding rules for the attribute names that are passing into
> the IdP from the other IdP." Can you please guide me on where to setup these decoding rules? Thanks.  

Those are bogus/non-unique/non-standard attribute names, which is why there are no rules for them. And I wouldn't create them, personally, I'd change the names that are being sent, but that's up to you. In any event, the fix is adding custom rules to the attribute registry service. Either XML rulesets or small property files for each rule.

https://wiki.shibboleth.net/confluence/display/IDP4/AttributeRegistryConfiguration

-- Scott




More information about the users mailing list