Hi again,
Just to add some more information. I’m receiving a (seemingly) valid SAML response in
Satosa (I see the base64 encoded token in the logs), but nothing is being picked up out of
it.
If I request a signature (and one is in the response) I get the error, “Signature missing
for response”. Likewise, it looks like none of the attributes are recognised.
I don’t think I’m doing anything non-standard. It’s a simple SAML-SAML set up (1 SP, 1
IdP), no microservices, running with Docker. I have made very few changes from the example
provided at
https://github.com/IdentityPython/SATOSA/tree/master/example
Any input appreciated,
Hannah
On 30 Oct 2018, at 14:31, Hannah Short <hannah.short at cern.ch> wrote:
Hello,
I’m hitting a strange problem; when a successful SAML response is received by the Satosa
backend containing a pretty complete attribute statement (see below), the attributes are not
recognised by the Backend and I see the error “backend received attributes: {}”.
I’m currently just testing things and haven’t changed the internal_attributes.yaml from
the example. My IdP is currently just the SimpleSAMLphp userpass example with some mocked
up SAML attributes. I wondered whether the attribute Name Format is incorrect, but I don’t
see where this can be configured within Satosa.
Has anyone else hit this problem?
Thanks in advance,
Hannah
====================
<saml:AttributeStatement>
  <saml:Attribute Name="uid" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xsi:type="xs:string">student</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="eduPersonAffiliation" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xsi:type="xs:string">member</saml:AttributeValue>
    <saml:AttributeValue xsi:type="xs:string">student</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="eduPersonTargetedID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xsi:type="xs:string">123456789</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xsi:type="xs:string">Test</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="displayName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xsi:type="xs:string">Test Person</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xsi:type="xs:string">test at cern.ch</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
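
One way to see what a logged response actually contains, as an added example that is not part of the original message or of SATOSA: it decodes the base64 response and reports whether a ds:Signature sits directly on the Response or on the Assertion, plus each attribute's Name, NameFormat and values. The sample response is constructed from the attribute statement above, the function name is hypothetical, and the code inspects structure only (it does not validate signatures).

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

# Constructed sample: empty placeholder signature on the Assertion only.
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}"
    xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Assertion>
    <ds:Signature/>
    <saml:AttributeStatement>
      <saml:Attribute Name="uid" NameFormat="{BASIC}">
        <saml:AttributeValue xsi:type="xs:string">student</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="eduPersonAffiliation" NameFormat="{BASIC}">
        <saml:AttributeValue xsi:type="xs:string">member</saml:AttributeValue>
        <saml:AttributeValue xsi:type="xs:string">student</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode())

def inspect_response(b64_response):
    """Summarise signature placement and attributes of a base64 SAML response."""
    # Diagnostic for your own logs; parse untrusted XML with defusedxml instead.
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: " + root.tag)
    # A signature over the whole message is a direct child of Response.
    report = {"response_signed": root.find("ds:Signature", NS) is not None,
              "assertions": []}
    for assertion in root.findall("saml:Assertion", NS):
        attrs = {}
        for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
            values = [(v.text or "").strip()
                      for v in attr.findall("saml:AttributeValue", NS)]
            attrs[attr.get("Name")] = (attr.get("NameFormat"), values)
        report["assertions"].append(
            {"signed": assertion.find("ds:Signature", NS) is not None,
             "attributes": attrs})
    return report

if __name__ == "__main__":
    print(inspect_response(SAMPLE_B64))
```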