hello,
the attribute seems to be in the set of <RequestedAttribute>s in the
service's metadata.
However, the IdP seems not to be returning any value for this attribute, see
[2020-07-21 10:57:20,623] [DEBUG] [satosa.attribute_mapping.to_internal] skipped backend attribute ['customtenantid']: no value found
Is the IdP sending it? Is there really a value for that attribute?
On Tue, 21 Jul 2020 at 14:07, Janusz Ulanowski
<janusz.ulanowski at heanet.ie> wrote:
>
> Hi,
> Thank you.
> see "customtenantid" attr name.
>
> I think logging is set to maximum:
> #########################
> LOGGING:
>   ....
>   loggers:
>     satosa:
>       level: DEBUG
>     saml2:
>       level: DEBUG
>     oidcendpoint:
>       level: DEBUG
>     pyop:
>       level: DEBUG
>     oic:
>       level: DEBUG
>   root:
>     level: DEBUG
> ######################
>
> [2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] skipped backend attribute ['postaladdress']: no value found
> [2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] skipped backend attribute ['displayName']: no value found
> [2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] backend attribute ['eduPersonTargetedID'] mapped to edupersontargetedid
> [2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] skipped backend attribute ['givenName']: no value found
> [2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] backend attribute ['mail', 'email'] mapped to mail
> [2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] skipped backend attribute ['cn']: no value found
> [2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] skipped backend attribute ['schacPersonalTitle']: no value found
> [2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] skipped backend attribute ['sn', 'surname']: no value found
> [2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] backend attribute ['eduPersonPrincipalName', 'eppn'] mapped to eppn
> [2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] backend attribute ['o', 'organizationName'] mapped to organizationName
> [2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] backend attribute ['schacHomeOrganization'] mapped to schacHomeOrganization
> [2020-07-21 10:57:20,623] [DEBUG] [satosa.attribute_mapping.to_internal] skipped backend attribute ['customtenantid']: no value found
> [2020-07-21 10:57:20,623] [DEBUG] [satosa.backends.saml2._translate_response] [urn:uuid:65b32c93-1ba7-4775-8f04-a38db0188097] backend received attributes:
> {
>   "o": [
>     "XXXXXXX"
>   ],
>   "eduPersonTargetedID": [
>     "8SRQgI3XXXXXY="
>   ],
>   "schacHomeOrganization": [
>     "YYY.COM"
>   ],
>   "eduPersonPrincipalName": [
>     "XYZ at YYY.COM"
>   ],
>   "mail": [
>     "dsfdsfsdfsd at YYY>COM"
>   ]
> }
>
> That custom attribute is seen as required:
>
> [2020-07-21 10:57:20,624] [DEBUG] [satosa.routing.frontend_routing] [urn:uuid:65b32c93-1ba7-4775-8f04-a38db0188097] Routing to frontend: Saml2IDP
> [2020-07-21 10:57:20,625] [DEBUG] [saml2.assertion.filter] required: [{'__class__': 'urn:oasis:names:tc:SAML:2.0:metadata&RequestedAttribute', 'name': 'urn:mace:heanet.ie:custom:tenantid', 'name_format': 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri', 'friendly_name': 'customtenantid', 'is_required': 'true'}], optional: [.......]
>
> [2020-07-21 10:57:20,625] [DEBUG] [satosa.frontends.saml2._get_approved_attributes] [urn:uuid:65b32c93-1ba7-4775-8f04-a38db0188097] Filter: ['givenname', 'organizationName', 'name', 'schacHomeOrganization', 'edupersontargetedid', 'mail', 'eppn', 'surname', 'displayname']
>
> Then the logs just show preparing and releasing the SAML assertion.
>
>
> That's what I get in the logs.
>
> So I cannot use a microservice to generate a value for that attribute.
>
> Any ideas?
>
> Thanks,
> Janusz
>
>
> ________________________________
> From: Giuseppe De Marco <giuseppe.demarco at unical.it>
> Sent: Monday 20 July 2020 23:47
> To: Janusz Ulanowski <janusz.ulanowski at heanet.ie>
> Cc: satosa-users at lists.sunet.se <satosa-users at lists.sunet.se>
> Subject: Re: [satosa-users] custom attribute
>
>
> Hi Janusz,
> Are there any isRequired attributes in the metadata of the calling SP?
> The attribute name format is URI, isn't it?
> You can also increase the debug level for the pysaml2 internals, where the filtering happens; see this:
>
> https://github.com/IdentityPython/pysaml2/blob/d655fc924af5ddd56a51d1e6bb41…
>
> That's a good place to put a debugger or increase the logging level; there you'll find explicitly what you're looking for.
>
>
>
> On Mon, 20 Jul 2020, 23:52 Janusz Ulanowski <janusz.ulanowski at heanet.ie> wrote:
>
> Hi,
> I'm having a few issues and hopefully you might shed some light.
> SAML-to-SAML scenario.
>
>
> I wanted to add a custom attribute.
> I added that attribute to saml_uri.py:
>
> 'fro': { 'urn:mace:heanet.ie:custom:tenantid': 'customtenantid', ... },
> 'to': { 'customtenantid': 'urn:mace:heanet.ie:custom:tenantid', ... }
>
> Then in internal_attributes.yaml I added:
> customtenantid:
>   saml: [customtenantid, urn:mace:heanet.ie:custom:tenantid]
>
>
> In saml2_frontend.yaml the policy is set to allow releasing everything:
> policy:
>   default:
>     attribute_restrictions: null
>
>
> However, the logs say:
> ///////////////
> xx | [2020-07-20 20:59:47,604] [DEBUG] [satosa.frontends.saml2._get_approved_attributes] [urn:uuid:244a93be-a61e-4e5f-8508-c293a24f832d] Filter: ['name', 'schacHomeOrganization', 'edupersontargetedid', 'givenname', 'eppn', 'organizationName', 'mail', 'displayname', 'surname']
> //////////////
> Where does that filter come from if I have set no restriction?
> Is this the only way to add a custom attribute?
>
>
> thanks in advance,
> Janusz
> _______________________________________________
> satosa-users mailing list
> satosa-users at lists.sunet.se
>
https://lists.sunet.se/listinfo/satosa-users
>
--
Ivan c00kiemon5ter Kanakarakis >:3
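
The check raised at the top of this thread (is the IdP actually sending a value for the required attribute?), as an added example that is not part of the original messages or of SATOSA's own code. It parses DEBUG lines in the shape quoted above; the sample log is constructed from those lines, and matching required attributes to skipped ones by logged name is an assumption made for triage.

```python
import ast
import re

# Constructed sample: SATOSA/pysaml2 DEBUG lines in the shape quoted in this thread.
SAMPLE_LOG = """\
[2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] skipped backend attribute ['givenName']: no value found
[2020-07-21 10:57:20,622] [DEBUG] [satosa.attribute_mapping.to_internal] backend attribute ['mail', 'email'] mapped to mail
[2020-07-21 10:57:20,623] [DEBUG] [satosa.attribute_mapping.to_internal] skipped backend attribute ['customtenantid']: no value found
[2020-07-21 10:57:20,625] [DEBUG] [saml2.assertion.filter] required: [{'name': 'urn:mace:heanet.ie:custom:tenantid', 'friendly_name': 'customtenantid', 'is_required': 'true'}], optional: []
"""

SKIPPED = re.compile(r"skipped backend attribute (\[.*?\]): no value found")
MAPPED = re.compile(r"backend attribute (\[.*?\]) mapped to (\S+)")
REQUIRED = re.compile(r"\[saml2\.assertion\.filter\] required: (\[.*?\]), optional:")


def diagnose(log_text):
    """Return (mapped, skipped, unmet) parsed from DEBUG log text.

    mapped:  internal attribute name -> backend names it was filled from
    skipped: backend names for which the IdP response carried no value
    unmet:   required SP attributes whose name or friendly name was skipped
    """
    mapped, skipped, required = {}, set(), []
    for line in log_text.splitlines():
        if m := SKIPPED.search(line):
            skipped.update(ast.literal_eval(m.group(1)))
        elif m := MAPPED.search(line):
            mapped[m.group(2)] = ast.literal_eval(m.group(1))
        elif m := REQUIRED.search(line):
            required = ast.literal_eval(m.group(1))
    # Assumption: matching on the names as logged is enough for triage; it does
    # not consult internal_attributes.yaml the way the proxy itself does.
    unmet = [
        attr.get("friendly_name") or attr.get("name")
        for attr in required
        if {attr.get("name"), attr.get("friendly_name")} & skipped
    ]
    return mapped, skipped, unmet


if __name__ == "__main__":
    mapped, skipped, unmet = diagnose(SAMPLE_LOG)
    print("mapped from IdP:", mapped)
    print("no value from IdP:", sorted(skipped))
    print("required by SP but not supplied:", unmet)
```

A non-empty last list points at the IdP's attribute release rather than at the proxy's mapping or frontend policy.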