Hi,
Thank you.
See the "customtentantid" attr name.
I think logging is set to maximum:
#########################
LOGGING:
  ....
  loggers:
    satosa:
      level: DEBUG
    saml2:
      level: DEBUG
    oidcendpoint:
      level: DEBUG
    pyop:
      level: DEBUG
    oic:
      level: DEBUG
  root:
    level: DEBUG
######################
[2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] skipped backend attribute ['postaladdress']: no value found
[2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] skipped backend attribute ['displayName']: no value found
[2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] backend attribute ['eduPersonTargetedID'] mapped to edupersontargetedid
[2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] skipped backend attribute ['givenName']: no value found
[2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] backend attribute ['mail', 'email'] mapped to mail
[2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] skipped backend attribute ['cn']: no value found
[2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] skipped backend attribute ['schacPersonalTitle']: no value found
[2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] skipped backend attribute ['sn', 'surname']: no value found
[2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] backend attribute ['eduPersonPrincipalName', 'eppn'] mapped to eppn
[2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] backend attribute ['o', 'organizationName'] mapped to organizationName
[2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] backend attribute ['schacHomeOrganization'] mapped to schacHomeOrganization
[2020-07-21 10:57:20,623] [DEBUG] [satosa.attribute_mapping.to_internal] skipped backend attribute ['customtenantid']: no value found
[2020-07-21 10:57:20,623] [DEBUG] [satosa.backends.saml2._translate_response] [urn:uuid:65b32c93-1ba7-4775-8f04-a38db0188097] backend received attributes:
{
  "o": [
    "XXXXXXX"
  ],
  "eduPersonTargetedID": [
    "8SRQgI3XXXXXY="
  ],
  "schacHomeOrganization": [
    "YYY.COM"
  ],
  "eduPersonPrincipalName": [
    "XYZ at YYY.COM"
  ],
  "mail": [
    "dsfdsfsdfsd at YYY>COM"
  ]
}
That custom attribute is seen as required:
[2020-07-21 10:57:20,624] [DEBUG] [satosa.routing.frontend_routing] [urn:uuid:65b32c93-1ba7-4775-8f04-a38db0188097] Routing to frontend: Saml2IDP
[2020-07-21 10:57:20,625] [DEBUG] [saml2.assertion.filter] required: [{'__class__': 'urn:oasis:names:tc:SAML:2.0:metadata&RequestedAttribute', 'name': 'urn:mace:heanet.ie:custom:tenantid', 'name_format': 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri', 'friendly_name': 'customtenantid', 'is_required': 'true'}], optional: [.......]
[2020-07-21 10:57:20,625] [DEBUG] [satosa.frontends.saml2._get_approved_attributes] [urn:uuid:65b32c93-1ba7-4775-8f04-a38db0188097] Filter: ['givenname', 'organizationName', 'name', 'schacHomeOrganization', 'edupersontargetedid', 'mail', 'eppn', 'surname', 'displayname']
Then the logs show just preparing and releasing the SAML assertion.
That's what I get in the logs.
So I cannot use a microservice to generate a value for that attribute.
Any ideas?
Thanks,
Janusz
________________________________
From: Giuseppe De Marco <giuseppe.demarco at unical.it>
Sent: Monday 20 July 2020 23:47
To: Janusz Ulanowski <janusz.ulanowski at heanet.ie>
Cc: satosa-users at lists.sunet.se <satosa-users at lists.sunet.se>
Subject: Re: [satosa-users] custom attribute
Hi Janusz,
Are there some isRequired attributes in the metadata of the calling SP?
Attr name format is uri, isn't it?
You can even increase the debug level for pysaml2 internals, where the filters happen; see this
https://github.com/IdentityPython/pysaml2/blob/d655fc924af5ddd56a51d1e6bb41…
That's a good point where to put a debugger or increase the logging level; there
you'll find what you're looking for, explicitly.
On Mon, 20 Jul 2020 at 23:52, Janusz Ulanowski <janusz.ulanowski at heanet.ie> wrote:
Hi,
I'm having a few issues and hopefully you might shed some light.
SAML to SAML scenario.
I wanted to add a custom attribute:
I added that attribute to saml_uri.py
  'fro': { 'urn:mace:heanet.ie:custom:tenantid': 'customtenantid', ... },
  'to': { 'customtenantid': 'urn:mace:heanet.ie:custom:tenantid', ... }
then in internal_attributes.yaml I added:
  customtenantid:
    saml: [customtenantid, urn:mace:heanet.ie:custom:tenantid]
In saml2_frontend.yaml the policy is set to allow releasing everything:
  policy:
    default:
      attribute_restrictions: null
However, the logs say:
///////////////
xx | [2020-07-20 20:59:47,604] [DEBUG] [satosa.frontends.saml2._get_approved_attributes] [urn:uuid:244a93be-a61e-4e5f-8508-c293a24f832d] Filter: ['name', 'schacHomeOrganization', 'edupersontargetedid', 'givenname', 'eppn', 'organizationName', 'mail', 'displayname', 'surname']
//////////////
Where does that filter come from if I have set no restriction?
Is it the only way to add a custom attribute?
thanks in advance,
Janusz
_______________________________________________
satosa-users mailing list
satosa-users at lists.sunet.se<mailto:satosa-users at lists.sunet.se>
https://lists.sunet.se/listinfo/satosa-users
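Added example for the thread above (not code from SATOSA, pysaml2, or anyone on the list): a small Python model of the two name-mapping steps that sit behind the "Filter: [...]" line in the logs, built from the saml_uri.py and internal_attributes.yaml fragments quoted in the original question. The shape of the data follows those fragments; the function names (saml_filter, to_internal_filter, approved_attributes, diagnose), the simplified policy semantics and the sample OID mappings are assumptions made here. It shows why a null attribute_restrictions does not by itself put a name into the filter (the restriction only narrows what the attribute map already knows) and which of the two steps drops a custom attribute, which is the check to make before adding a microservice that produces its value.

```python
"""Simplified model of how a SAML frontend like SATOSA's arrives at the
attribute filter it logs.  Added example, not SATOSA/pysaml2 code; function
names and the policy semantics are assumptions."""

from typing import Dict, List, Optional

# Constructed pysaml2-style attribute map, in the shape of saml_uri.py:
# 'fro' maps SAML attribute name (URI) -> friendly name, 'to' is the reverse.
SAML_URI_MAP: Dict[str, Dict[str, str]] = {
    "fro": {
        "urn:oid:0.9.2342.19200300.100.1.3": "mail",
        "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
        "urn:oid:1.3.6.1.4.1.25178.1.2.9": "schacHomeOrganization",
        "urn:mace:heanet.ie:custom:tenantid": "customtenantid",  # custom entry
    }
}
SAML_URI_MAP["to"] = {friendly: uri for uri, friendly in SAML_URI_MAP["fro"].items()}

# Constructed internal_attributes-style mapping: internal name -> {profile: names}.
INTERNAL_ATTRIBUTES: Dict[str, Dict[str, List[str]]] = {
    "mail": {"saml": ["mail", "email"]},
    "eppn": {"saml": ["eduPersonPrincipalName", "eppn"]},
    "schacHomeOrganization": {"saml": ["schacHomeOrganization"]},
    "customtenantid": {"saml": ["customtenantid", "urn:mace:heanet.ie:custom:tenantid"]},
}


def saml_filter(attribute_map: Dict[str, Dict[str, str]],
                attribute_restrictions: Optional[List[str]]) -> List[str]:
    """Step 1 (pysaml2 side, simplified): start from every friendly name the
    attribute map knows, then apply the policy restriction.  A null restriction
    (attribute_restrictions: null) keeps everything the map knows but cannot
    add a name the map does not contain."""
    known = list(attribute_map["fro"].values())
    if attribute_restrictions is None:
        return known
    return [name for name in known if name in attribute_restrictions]


def to_internal_filter(internal_attributes: Dict[str, Dict[str, List[str]]],
                       profile: str, external_names: List[str]) -> List[str]:
    """Step 2 (SATOSA side, simplified): translate external names into the
    internal names whose list for this profile mentions any of them."""
    wanted = set(external_names)
    return [internal for internal, profiles in internal_attributes.items()
            if wanted.intersection(profiles.get(profile, []))]


def approved_attributes(attribute_map, internal_attributes,
                        attribute_restrictions=None) -> List[str]:
    """The list that ends up in the 'Filter: [...]' debug line."""
    return to_internal_filter(internal_attributes, "saml",
                              saml_filter(attribute_map, attribute_restrictions))


def diagnose(uri: str, attribute_map, internal_attributes) -> str:
    """Report at which step a SAML attribute URI drops out of the filter."""
    friendly = attribute_map["fro"].get(uri)
    if friendly is None:
        return "not in pysaml2 attribute map (check attribute_map_dir / saml_uri.py)"
    internal = to_internal_filter(internal_attributes, "saml", [friendly, uri])
    if not internal:
        return "no internal_attributes.yaml entry lists %r under 'saml'" % friendly
    return "ok: released as %s" % internal[0]


if __name__ == "__main__":
    custom = "urn:mace:heanet.ie:custom:tenantid"
    print(approved_attributes(SAML_URI_MAP, INTERNAL_ATTRIBUTES))
    # Same configuration, but the attribute map pysaml2 loaded lacks the custom entry:
    without = {"fro": {k: v for k, v in SAML_URI_MAP["fro"].items()
                       if v != "customtenantid"}}
    print(approved_attributes(without, INTERNAL_ATTRIBUTES))
    print(diagnose(custom, without, INTERNAL_ATTRIBUTES))
```

Running it prints the filter with customtenantid present, then the same filter without it when the attribute map does not know the URI, and diagnose() names the step responsible. The practical point for the thread: the map pysaml2 actually loads (the attribute_map_dir in the frontend config, not necessarily the edited site-packages copy) and the internal_attributes.yaml entry both have to contain the name before the policy can release it.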