OIDC attribute not being returned

McLennan, Neil R n.mclennan at imperial.ac.uk
Fri Nov 18 17:59:57 UTC 2022


I am trying to pass an attribute called mifare back to an OIDC client, but I can't work out what I am doing wrong. It's listed in the scope, it contains a value, and the attribute definition has an OIDCStringTranscoder, but it's the only attribute not sent back.
Any ideas?

Metadata
  {
    "scope":"openid info profile uid sn givenName mifare",
    "redirect_uris":["imperialcollege://callback"],
    "post_logout_redirect_uris":["imperialcollege://main"],
    "client_id":"<client id>",
    "client_secret":"<Secret>",
    "response_types":["code","id_token","token id_token","code id_token","code token","code token id_token"],
    "token_endpoint_auth_method":"client_secret_post",
    "grant_types":["authorization_code"]
  },

Attribute Definition

<bean parent="shibboleth.TranscodingProperties">
    <property name="properties">
        <props merge="true">
            <prop key="id">mifare</prop>
            <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder OIDCStringTranscoder</prop>
            <prop key="saml2.name">mifare</prop>
            <prop key="saml1.name">mifare</prop>
            <prop key="oidc.name">mifare</prop>
            <prop key="displayName.en">mifare</prop>
            <prop key="description.en">mifare</prop>
        </props>
    </property>
</bean>

Attributes Filtering showing mifare attribute contains a value

2022-11-18 16:37:13,857 - 2a0c:5bc0:40:2e34:d432:3f2b:7636:33aa - DEBUG [net.shibboleth.idp.attribute.filter.AttributeRule:183] - Attribute filtering engine '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/AttributeRule:_5feca588ade3c92f6ad7d2751c448fa7'  Filtering values for attribute 'uid' which currently contains 1 values
2022-11-18 16:37:13,857 - 2a0c:5bc0:40:2e34:d432:3f2b:7636:33aa - DEBUG [net.shibboleth.idp.attribute.filter.AttributeRule:192] - Attribute filtering engine '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/AttributeRule:_5feca588ade3c92f6ad7d2751c448fa7'  Filter has permitted the release of 1 values for attribute 'uid'
2022-11-18 16:37:13,857 - 2a0c:5bc0:40:2e34:d432:3f2b:7636:33aa - DEBUG [net.shibboleth.idp.attribute.filter.AttributeRule:183] - Attribute filtering engine '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/AttributeRule:_79eabeff370f99df79b2b32f57aa3661'  Filtering values for attribute 'sn' which currently contains 1 values
2022-11-18 16:37:13,857 - 2a0c:5bc0:40:2e34:d432:3f2b:7636:33aa - DEBUG [net.shibboleth.idp.attribute.filter.AttributeRule:192] - Attribute filtering engine '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/AttributeRule:_79eabeff370f99df79b2b32f57aa3661'  Filter has permitted the release of 1 values for attribute 'sn'
2022-11-18 16:37:13,857 - 2a0c:5bc0:40:2e34:d432:3f2b:7636:33aa - DEBUG [net.shibboleth.idp.attribute.filter.AttributeRule:183] - Attribute filtering engine '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/AttributeRule:_16c341d9d4f6595f250ce73298165d94'  Filtering values for attribute 'givenName' which currently contains 1 values
2022-11-18 16:37:13,857 - 2a0c:5bc0:40:2e34:d432:3f2b:7636:33aa - DEBUG [net.shibboleth.idp.attribute.filter.AttributeRule:192] - Attribute filtering engine '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/AttributeRule:_16c341d9d4f6595f250ce73298165d94'  Filter has permitted the release of 1 values for attribute 'givenName'
2022-11-18 16:37:13,857 - 2a0c:5bc0:40:2e34:d432:3f2b:7636:33aa - DEBUG [net.shibboleth.idp.attribute.filter.AttributeRule:183] - Attribute filtering engine '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/AttributeRule:_05953d9558223e97234e45f2f3aadb46'  Filtering values for attribute 'mifare' which currently contains 1 values
2022-11-18 16:37:13,857 - 2a0c:5bc0:40:2e34:d432:3f2b:7636:33aa - DEBUG [net.shibboleth.idp.attribute.filter.AttributeRule:192] - Attribute filtering engine '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/AttributeRule:_05953d9558223e97234e45f2f3aadb46'  Filter has permitted the release of 1 values for attribute 'mifare'
2022-11-18 16:37:13,857 - 2a0c:5bc0:40:2e34:d432:3f2b:7636:33aa - DEBUG [net.shibboleth.idp.attribute.filter.AttributeRule:183] - Attribute filtering engine '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/AttributeRule:_54669573f3617b1dbeab0dd96d1e5415'  Filtering values for attribute 'subject' which currently contains 1 values
2022-11-18 16:37:13,857 - 2a0c:5bc0:40:2e34:d432:3f2b:7636:33aa - DEBUG [net.shibboleth.idp.attribute.filter.AttributeRule:192] - Attribute filtering engine '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/AttributeRule:_54669573f3617b1dbeab0dd96d1e5415'  Filter has permitted the release of 1 values for attribute 'subject'
2022-11-18 16:37:13,857 - 2a0c:5bc0:40:2e34:d432:3f2b:7636:33aa - DEBUG [net.shibboleth.idp.attribute.filter.AttributeRule:183] - Attribute filtering engine '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/AttributeRule:_a80e58820f362aabb76e0d3c7097f382'  Filtering values for attribute 'department' which currently contains 1 values
2022-11-18 16:37:13,857 - 2a0c:5bc0:40:2e34:d432:3f2b:7636:33aa - DEBUG [net.shibboleth.idp.attribute.filter.AttributeRule:192] - Attribute filtering engine '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/AttributeRule:_a80e58820f362aabb76e0d3c7097f382'  Filter has permitted the release of 1 values for attribute 'department'

OIDC Audit 

2022-11-18T16:37:14.013911900Z|2a0c:5bc0:40:2e34:d432:3f2b:7636:33aa|AuthenticationRequest||<client id>|http://shibboleth.net/ns/profiles/oidc/sso/browser|https://shibboleth.imperial.ac.uk/shibboleth|AuthenticationSuccessResponse||username|||
2022-11-18T16:37:14.467049700Z|2a0c:5bc0:40:2e34:d432:3f2b:7636:33aa|KeySet|||http://shibboleth.net/ns/profiles/oidc/keyset||||||||||null|||||||||||||
2022-11-18T16:37:16.060824700Z|2a0c:5bc0:40:2e34:d432:3f2b:7636:33aa|TokenRequest||<client id>|http://shibboleth.net/ns/profiles/oidc/sso/browser|https://shibboleth.imperial.ac.uk/shibboleth|OIDCTokenResponse||username||at_hash,sub,aud,auth_time,iss,exp,iat
2022-11-18T16:37:16.232705900Z|2a0c:5bc0:40:2e34:d432:3f2b:7636:33aa|KeySet|||http://shibboleth.net/ns/profiles/oidc/keyset||||||||||null|||||||||||||
2022-11-18T16:37:17.529601400Z|2a0c:5bc0:40:2e34:d432:3f2b:7636:33aa|UserInfoRequest||<client id>|http://shibboleth.net/ns/profiles/oidc/userinfo|https://shibboleth.imperial.ac.uk/shibboleth|UserInfoSuccessResponse||username||eduPersonEntitlement,sub,givenName,eduPersonPrincipalName,sn,preferred_username,department,given_name,family_name

Why is mifare not being returned?
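
A way to cross-check the two log excerpts above, added here as an example and not part of the original post: the script collects the attribute ids the filter permitted and subtracts the names recorded in the audit line for a given response type. The field positions (8th field for the response type, 12th for the name list) are assumptions read off the audit lines quoted above, and the sample input is constructed.

```python
import re

PERMITTED = re.compile(
    r"Filter has permitted the release of (\d+) values for attribute '([^']+)'")

def permitted_attributes(process_log):
    """Attribute ids the filter engine released with at least one value."""
    return {m.group(2) for m in PERMITTED.finditer(process_log)
            if int(m.group(1)) > 0}

def released_claims(audit_log, response_type):
    """Names listed in audit lines whose response type matches.

    Assumed layout (from the quoted audit lines): pipe-delimited,
    index 7 = response message type, index 11 = comma-separated names.
    """
    names = set()
    for line in audit_log.splitlines():
        fields = line.split("|")
        if len(fields) > 11 and fields[7] == response_type and fields[11]:
            names.update(fields[11].split(","))
    return names

def missing(process_log, audit_log, response_type):
    """Permitted by the filter but absent, by name, from the response."""
    return sorted(permitted_attributes(process_log)
                  - released_claims(audit_log, response_type))

# Constructed sample input mirroring the log formats quoted in the post.
SAMPLE_PROCESS_LOG = "\n".join(
    "2022-11-18 16:37:13,857 - 2001:db8::1 - DEBUG "
    "[net.shibboleth.idp.attribute.filter.AttributeRule:192] - "
    "Attribute filtering engine '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/AttributeRule:_rule'  "
    f"Filter has permitted the release of 1 values for attribute '{a}'"
    for a in ("uid", "sn", "givenName", "mifare", "subject", "department"))

SAMPLE_AUDIT_LOG = """\
2022-11-18T16:37:16.060Z|2001:db8::1|TokenRequest||<client id>|http://shibboleth.net/ns/profiles/oidc/sso/browser|https://idp.example.org/shibboleth|OIDCTokenResponse||username||at_hash,sub,aud,auth_time,iss,exp,iat
2022-11-18T16:37:17.529Z|2001:db8::1|UserInfoRequest||<client id>|http://shibboleth.net/ns/profiles/oidc/userinfo|https://idp.example.org/shibboleth|UserInfoSuccessResponse||username||eduPersonEntitlement,sub,givenName,eduPersonPrincipalName,sn,preferred_username,department,given_name,family_name
"""

if __name__ == "__main__":
    for rtype in ("OIDCTokenResponse", "UserInfoSuccessResponse"):
        print(rtype, missing(SAMPLE_PROCESS_LOG, SAMPLE_AUDIT_LOG, rtype))
```

The comparison is by name, so an attribute encoded under a different claim name through its oidc.name property is listed as well.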