Hi Hannah,
Are any attributes sent at all, and what are their keys? (Use e.g. SAML
tracer to check "on the wire".) Also, is the metadata in sync, e.g. the
signing and encryption certs?
Niels
On 07-11-18 16:59, Hannah Short wrote:
Hi again,
Just to add some more information. I’m receiving a (seemingly) valid
SAML response in Satosa (I see the base64 encoded token in the logs),
but nothing is being picked up out of it.
If I request a signature (and one is in the response) I get the error,
“Signature missing for response”. Likewise, it looks like none of the
attributes are recognised.
I don’t think I’m doing anything non-standard. It’s a simple SAML-SAML
setup (1 SP, 1 IdP), no microservices, running with Docker. I have
made very few changes from the example provided at
https://github.com/IdentityPython/SATOSA/tree/master/example
Any input appreciated,
Hannah
On 30 Oct 2018, at 14:31, Hannah Short <hannah.short at cern.ch> wrote:
Hello,
I’m hitting a strange problem; when a successful SAML response is
received by the Satosa backend containing a pretty complete attribute
statement (see below), the attributes are not recognised by the Backend
and I see the error “backend received attributes: {}”.
I’m currently just testing things and haven’t changed the
internal_attributes.yaml from the example. My IdP is currently just
the SimpleSAMLphp userpass example with some mocked up SAML
attributes. I wondered whether the attribute Name Format is
incorrect, but I don’t see where this can be configured within Satosa.
Has anyone else hit this problem?
Thanks in advance,
Hannah
====================
<saml:AttributeStatement>
  <saml:Attribute Name="uid"
                  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xsi:type="xs:string">student</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="eduPersonAffiliation"
                  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xsi:type="xs:string">member</saml:AttributeValue>
    <saml:AttributeValue xsi:type="xs:string">student</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="eduPersonTargetedID"
                  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xsi:type="xs:string">123456789</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="givenName"
                  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xsi:type="xs:string">Test</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="displayName"
                  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xsi:type="xs:string">Test Person</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="email"
                  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xsi:type="xs:string">test at cern.ch</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
_______________________________________________
satosa-users mailing list
satosa-users at lists.sunet.se
https://lists.sunet.se/listinfo/satosa-users
--
Niels van Dijk Technical Product Manager Trust & Security
Mob: +31 651347657 | Skype: cdr-80 | PGP Key ID: 0xDE7BB2F5
SURFnet BV | PO.Box 19035 | NL-3501 DA Utrecht | The Netherlands
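
An offline way to run the "on the wire" check discussed in this thread against the base64 token from the logs (an added example, not part of the original messages and not SATOSA or pysaml2 code): it lists each attribute's Name, NameFormat and values, and reports whether a ds:Signature sits on the Response, on the Assertion, or on neither. The function name and the sample response are constructed for illustration; it assumes the HTTP-POST binding (plain base64, no deflate) and only reports presence of a signature, it does not verify one.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: the empty ds:Signature only marks WHERE a signature sits.
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Assertion>
    <ds:Signature/>
    <saml:AttributeStatement>
      <saml:Attribute Name="uid"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">student</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="displayName"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
        <saml:AttributeValue xsi:type="xs:string">Test
Person</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()

def inspect_saml_response(b64_response):
    """Decode an HTTP-POST binding SAMLResponse and report what it carries."""
    xml_bytes = base64.b64decode(b64_response)
    # SAML messages never need a DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD found in SAML response; refusing to parse")
    root = ET.fromstring(xml_bytes)
    assertions = root.findall("saml:Assertion", NS)
    attrs = {}
    for a in root.iterfind("saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        # Collapse whitespace so line-wrapped values compare cleanly.
        values = [" ".join((v.text or "").split()) for v in a.findall("saml:AttributeValue", NS)]
        attrs[a.get("Name")] = {"name_format": a.get("NameFormat"), "values": values}
    return {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": any(x.find("ds:Signature", NS) is not None for x in assertions),
        "encrypted_assertion": root.find("saml:EncryptedAssertion", NS) is not None,
        "attributes": attrs,
    }
```

The attribute names and name formats it prints can then be compared by hand with the mapping in internal_attributes.yaml and with what the backend is configured to require signed.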