Also, I tried to use “primary_identifier” as a “micro_service”, without any further
success (still nothing after frontend returned attributes).
Will try with a proper SSL cert in front using a WAF-proxy (if there is no limitation for
that with Azure cloud app), to rule out if the portal only accepts proper SSL certs. Need
to wait for DNS propagation and then ask SWAMID to update our metadata.
Regards
Mats
On 28 Oct 2017, at 01:27, Admin IFMSA-Sweden <admin at ifmsa.se> wrote:
Deleted old docker images, volumes, containers, and attributemaps (attributemaps in
working directory). Pulled the latest satosa/satosa (the latest update from today).
Should I expect to see a persistent NameID anywhere in the logs when our portal SP
metadata is configured to ask for a persistent NameID?
Our portal cannot log in; I don’t know if it is an issue with the persistent NameID or if the
portal is not accepting the self-signed SSL certificate.
Many thanks.
Regards
Mats
[DEBUG]: [urn:uuid:cxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx] Routing path: Saml2/acs/post
[DEBUG]: [urn:uuid:cxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx] Found registered endpoint: module name:'Saml2', endpoint: Saml2/acs/post
[DEBUG]: backend attribute '['eduPersonTargetedID']' mapped to edupersontargetedid
[DEBUG]: backend attribute '['cn']' mapped to name
[DEBUG]: skipped backend attribute '['postaladdress']': no value found
[DEBUG]: backend attribute '['displayName']' mapped to displayname
[DEBUG]: backend attribute '['sn', 'surname']' mapped to surname
[DEBUG]: backend attribute '['email', 'emailAdress', 'mail']' mapped to mail
[DEBUG]: backend attribute '['givenName']' mapped to givenname
[DEBUG]: [urn:uuid:cxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx] backend received attributes:
{
  "displayName": [
    "xxx xxx"
  ],
  "co": [
    "xxx"
  ],
  "eduPersonTargetedID": [
    "xxxxxxxxxxxxx="
  ],
  "eduPersonAssurance": [
    "http://www.swamid.se/policy/assurance/al1",
    "http://www.swamid.se/policy/assurance/al2"
  ],
  "eduPersonPrincipalName": [
    "xxx at xxx.xxx"
  ],
  "givenName": [
    "xxx"
  ],
  "c": [
    "xxx"
  ],
  "sn": [
    "xxx"
  ],
  "cn": [
    "xxx xxx"
  ],
  "eduPersonScopedAffiliation": [
    "xxx at xxx.xxx",
    "xxx at xxx.xxx"
  ],
  "norEduOrgAcronym": [
    "xxx"
  ],
  "schacHomeOrganization": [
    "xxx.xxx.xxx"
  ],
  "o": [
    "Xxx xxx"
  ],
  "mail": [
    "xxx at xxx.xxx"
  ]
}
[DEBUG]: [urn:uuid:cxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx] Routing to frontend: Saml2IDP
[DEBUG]: [urn:uuid:cxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx] Filter: ['displayname', 'givenname', 'edupersontargetedid', 'name', 'surname', 'mail']
[DEBUG]: frontend attribute eduPersonTargetedID mapped from edupersontargetedid
[DEBUG]: frontend attribute cn mapped from name
[DEBUG]: frontend attribute displayName mapped from displayname
[DEBUG]: frontend attribute sn mapped from surname
[DEBUG]: frontend attribute email mapped from mail
[DEBUG]: frontend attribute givenName mapped from givenname
[DEBUG]: [urn:uuid:cxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx] returning attributes
{"sn": ["xxx"], "displayName": ["xxx xxx"], "email": ["xxx at xxx.xxx"], "cn": ["xxx xxx"], "givenName": ["xxx"], "eduPersonTargetedID": ["xxxxxxxxxx"]}
[DEBUG]: [urn:uuid:cxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx] signing with algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
[DEBUG]: [urn:uuid:cxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx] using digest algorithm http://www.w3.org/2001/04/xmlenc#sha256
[DEBUG]: [urn:uuid:cxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx] Saving state as cookie, secure: True, max-age: 1200, path: /
[DEBUG]: read request data: {}
[DEBUG]: Did not find cookie named 'SATOSA_STATE' in cookie string ''
[DEBUG]: [urn:uuid:bxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx] Routing path: favicon.ico
[DEBUG]: [urn:uuid:bxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx] Unknown backend favicon.ico
On 27 Oct 2017, at 12:42, Admin IFMSA-Sweden <admin at ifmsa.se> wrote:
Hi all,
Many thanks for your replies.
I cannot see any internal logs from the CRM portal; it is hosted by Microsoft.
The CRM portal however requires persistent NameID. Is it necessary to manually configure
generation of persistent NameID with SATOSA frontend module? If only eptid is released,
can I use it as part of the persistent NameID? And can I also choose to generate a
persistent NameID with eppn instead (with a hash)?
We are using testing metadata which is not used by all IdP:s.
Many thanks.
Regards
Mats
On 27 Oct 2017, at 11:39, Ioannis Kakavas <ikakavas at protonmail.com> wrote:
I see no error in the logs you attached. Is there something more later on? Does your
browser get redirected to the CRM portal and, if so, is there an error there? It would be
helpful to get some logs from that too.
Best Regards
Ioannis
-------- Original Message --------
Subject: Re: [satosa-users] Problem with Dynamics 365 Portal
Local Time: October 27, 2017 9:45 AM
UTC Time: October 27, 2017 8:45 AM
From: lundberg at sunet.se
To: Admin IFMSA-Sweden <admin at ifmsa.se>, satosa-users at lists.sunet.se
On Thu, 2017-10-19 at 15:14 +0200, Admin IFMSA-Sweden wrote:
Hello,
Our SP is a Dynamics 365 Portal, S2S as SAML2SAML proxy, backend gets
metadata from SWAMID, frontend acts as IdP for our portal.
Getting the following error, it always stops at “returning
attributes”.
Could it possibly be a problem with the self-signed SSL certificate that
Microsoft CRM Portal does not accept, or are any parties not accepting
SHA256?
Or is there anything else that I forgot to configure?
Thanks for any help from you guys. The end of the debug log is below.
Hello Mats,
Do you still have this problem or did you manage to find a solution?
Br
Johan Lundberg
SUNET
Tulegatan 11
113 53 Stockholm
+46730714375
_______________________________________________
satosa-users mailing list
satosa-users at lists.sunet.se
https://lists.sunet.se/listinfo/satosa-users