I want to pass attribute value to SP.

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

I want to pass attribute value to SP.

Tomomi
I want to pass attibute value(Email,FirstName,LastName,NameID) to SP.
I proceed with accept on the Information screen.
<https://shibboleth.1660669.n2.nabble.com/file/t399034/%E3%82%AD%E3%83%A3%E3%83%97%E3%83%81%E3%83%A3.png>

But the SAML Tracer doesn't include attribute values.

Please tell me the solution.
Let me know if we can give you any other information.

Regards,
Tomomi



--
Sent from: https://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: I want to pass attribute value to SP.

Rod Widdowson
> I proceed with accept on the Information screen.
Not going to look at a random page but I'll believe you.

> But the SAML Tracer doesn't include attribute values.
And what do the logs say about what is put on the wire?  That will give you a better steer.

Is this SAML2? You don't specify?
Is the rest of your configuration "standard"?
Is it the same for all relying parties?

This is just deployment debugging (of *anything*) 101.

        R


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: I want to pass attribute value to SP.

Tomomi
Hi Rod,
Thank you for your response.

>And what do the logs say about what is put on the wire?  That will >give
you a better steer.

Sorry, I don't know where to look in the log.
 What is the wire?

>Is this SAML2? You don't specify?

I think is it SAML2.
where do I specify.

>Is it the same for all relying parties?

I have not changed relying-party.xml from the default value.
Can I give relying party setting for each SP.

Regards,
Tomomi



--
Sent from: https://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: I want to pass attribute value to SP.

David Huebner
Hi Tomomi,

On 8/16/19 5:01 AM, Tomomi wrote:
> Hi Rod,
> Thank you for your response.
>
>> And what do the logs say about what is put on the wire?  That will >give
> you a better steer.
>
> Sorry, I don't know where to look in the log.

First you should set logging levels to DEBUG, by putting (assuming it's
version 3.4.4) something like this in
/opt/shibboleth-idp/conf/idp.properties:

idp.loglevel.idp = DEBUG
idp.loglevel.messages = DEBUG
idp.loglevel.encryption = DEBUG

After restarting / reloading check the logs in
/opt/shibboleth-idp/logs/idp-process.logs.

You should see a log entry with the unencrypted XML document, that is
sent to your SP (which is meant by "on the wire").

Cheers,
David

>   What is the wire?
>
>> Is this SAML2? You don't specify?
> I think is it SAML2.
> where do I specify.
>
>> Is it the same for all relying parties?
> I have not changed relying-party.xml from the default value.
> Can I give relying party setting for each SP.
>
> Regards,
> Tomomi
>
>
>
> --
> Sent from: https://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: I want to pass attribute value to SP.

Tomomi
Hi David,

Sorry, I late the reply.
Thank you for your reply.

The problem has been resolved.
The cause was in the setting of assersion on the SP side.

Thanks to your support for the problem.

Regards,

Tomomi



--
Sent from: https://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]