stuck...

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

stuck...

Herriott, Cascade

Hi all,

 

I’m setting up shib in our production environment and have gotten so far as to the SP authenticating against the idP, but it bombs on the redirecting back to the resource.

 

I’ve already gone through this practice with a dev idP and that works perfectly.

 

Digging through the logs I think this is the issue (see below), but I’m not sure if this translates into adding new attributes, or if the metadata for our prod idP is wrong, or something else.

 

2018-05-09 11:20:04 DEBUG Shibboleth.SSO.SAML2 [2]: SSO profile processing completed successfully

2018-05-09 11:20:04 DEBUG Shibboleth.SSO.SAML2 [2]: extracting pushed attributes...

2018-05-09 11:20:04 DEBUG Shibboleth.AttributeExtractor.XML [2]: unable to extract attributes, unknown XML object type: saml2p:Response

2018-05-09 11:20:04 DEBUG Shibboleth.AttributeExtractor.XML [2]: skipping unmapped NameID with format (urn:oasis:names:tc:SAML:2.0:nameid-format:transient)

2018-05-09 11:20:04 DEBUG Shibboleth.AttributeExtractor.XML [2]: unable to extract attributes, unknown XML object type: saml2:AuthnStatement

2018-05-09 11:20:04 DEBUG Shibboleth.AttributeDecoder.Scoped [2]: decoding ScopedAttribute (affiliation) from SAML 2 Attribute (urn:oid:1.3.6.1.4.1.5923.1.1.1.9) with 4 value(s)

2018-05-09 11:20:04 INFO Shibboleth.AttributeExtractor.XML [2]: skipping unmapped SAML 2.0 Attribute with Name: urn:oid:2.5.4.3

2018-05-09 11:20:04 DEBUG Shibboleth.AttributeDecoder.Scoped [2]: decoding ScopedAttribute (eppn) from SAML 2 Attribute (urn:oid:1.3.6.1.4.1.5923.1.1.1.6) with 1 value(s)

2018-05-09 11:20:04 DEBUG Shibboleth.AttributeDecoder.NameID [2]: decoding NameIDAttribute (persistent-id) from SAML 2 Attribute (urn:oid:1.3.6.1.4.1.5923.1.1.1.10) with 1 value(s)

2018-05-09 11:20:04 DEBUG Shibboleth.AttributeDecoder.NameID [2]: decoding saml2:NameID child element of AttributeValue

2018-05-09 11:20:04 WARN Shibboleth.AttributeFilter.Dummy [2]: filtering out all attributes

2018-05-09 11:20:04 DEBUG Shibboleth.SSO.SAML2 [2]: resolving attributes...

 

 

Can anyone offer some advice? 

 

Thanks,

 

-Cascade

 

 

 


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: stuck...

Cantor, Scott E.
> 2018-05-09 11:20:04 WARN Shibboleth.AttributeFilter.Dummy [2]: filtering\
> out all attributes

Broken configuration due to something you changed. You're ignoring errors in the log.

-- Scott


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]