satosa-users@lists.sunet.se

1 participants
1 discussions

Unknown attribute name when visible in Attribute Statement

by taylorhucker＠gmail.com

I am writing to request assistance with releasing a custom attribute that is not listed as a requested attribute by one of our InCommon Service Providers (SPs). The attribute is present in the IDP response, but it appears that it is not being returned to the InCommon SP. I have attempted to set the attribute as default for all SPs, but I would like to limit its release to specific SP if needed. I have made some changes to the configuration files and observed the following log messages: Filter: ['edupersonprincipalname', 'edupersonaffiliation', 'givenname', 'edupersonscopedaffiliation', 'mail', 'edupersontargetedid'] Attribute Statement: <ns0:AttributeStatement xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ns0:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <ns0:Attribute FriendlyName="abcID" Name="urn:oid:1.3.6.1.4.18941.1.2.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">8989898</ns0:AttributeValue></ns0:Attribute> <ns0:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">99999</ns0:NameID></ns0:AttributeValue></ns0:Attribute></ns0:AttributeStatement> Unknown attribute name: <ns0:Attribute xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" FriendlyName="abcID" Name="urn:oid:1.3.6.1.4.18941.1.2.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><ns0:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">8989898</ns0:AttributeValue></ns0:Attribute> skipped backend attribute ['abcID']: no value found I have made the following changes to the configuration files: Internal_attributes.yaml Added abcid: saml: [abcID] Backend.yaml Added custom_attribute_release: "default": include: ["abcID"] allow_unknown_attributes: true attribute_map_dir: [/etc/satosa/attributemaps] Frontend.yaml -No specific changes made Saml_url.py From area: 'urn:oid:1.3.6.1.4.18941.1.2.1.1': 'abcID', To area: 'abcID': 'urn:oid:1.3.6.1.4.18941.1.2.1.1', Could you please help me troubleshoot this issue and provide guidance on how to release the custom attribute as needed? Also how could I release this attribute as the NameID for just the specific SP that requires it?

4 months

2024

2023

2022

2021

2020

2019

2018

2017

satosa-users May 2024