SP - Receiving Attributes

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

SP - Receiving Attributes

ChrisOlver
Hi Gents,
A bit stuck and just want to make sure I am barking up the correct tree. We have recently setup a shibboleth SP (Version 2.3.1) on IIS7 which all seems to be working correctly. Users can sign in via the WAYF correctly and it passes them to the secured page via shibboleth.

Unfortunately we are unable to see any of our requested attributes from the IDP (such as: eduPersonScopedAffiliation, eduPersonTargetedID, eduPersonPrincipalName). Via php's print_r($_SERVER) the shibboleth attributes of:

[HTTP_SHIBSPOOFCHECK]
[HTTP_SHIBAPPLICATIONID]
[HTTP_SHIBSESSIONID]
[HTTP_SHIBIDENTITYPROVIDER]
[HTTP_SHIBAUTHENTICATIONINSTANT]

are all being filled/populated but unable to see the attributes of above. From looking in the shibboleth log I can see: "Shibboleth.AttributeResolver.Query [1]: response from attribute authority was empty". From googling it, it seems to look like the IDP is not releasing any data/attributes upon logging in rather than our configuration blocking anything. From what I am aware we have allowed all data to be passed/received. Does this sound about right so I can follow/debate this up with the IDP in question.

Many thanks.

-Chris