2:31 p.m.
Hello,
I’m hitting a strange problem; when a successful SAML response is received by the Satosa
backend containing a pretty complete attribute statement (see below), the attributes not
recognised by the Backend and I see the error “backend received attributes: {}”.
I’m currently just testing things and haven’t changed the internal_attributes.yaml from
the example. My IdP is currently just the SimpleSAMLphp userpass example with some mocked
up SAML attributes. I wondered whether the attribute Name Format is incorrect, but I don’t
see where this can be configured within Satosa.
Has anyone else hit this problem?
Thanks in advance,
Hannah
====================
<saml:AttributeStatement>
<saml:Attribute Name="uid"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue
xsi:type="xs:string">student</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="eduPersonAffiliation"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue
xsi:type="xs:string">member</saml:AttributeValue>
<saml:AttributeValue
xsi:type="xs:string">student</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="eduPersonTargetedID"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue
xsi:type="xs:string">123456789</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="givenName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue
xsi:type="xs:string">Test</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="displayName"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">Test
Person</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="email"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xsi:type="xs:string">test at
cern.ch</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>