IRC log for #shibboleth, 2015-08-11

All times shown according to UTC.

Time Nick Message
12:11 mckeanbs joined ##shibboleth
16:28 samleese joined ##shibboleth
16:30 samleese I'm using the Shibboleth SP and running into issues with the REMOTE_USER value not matching the NameID value returned by the IdP. I'm getting EMAIL!!IDP-URL!!SP-URL
16:31 samleese One thing I noticed is that my SP sends this in the AuthnRequest, <samlp:NameIDPolicy AllowCreate="1"/>, and I get <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" NameQualifier="IDP" SPNameQualifier="SP">EMAIL</saml2:NameID> back
16:32 samleese In my shib2 xml file I have, <ApplicationDefaults entityID="SP" REMOTE_USER="emailAddress"> and in attribute map I have, <Attribute name="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" id="emailAddress"><AttributeDecoder xsi:type="NameIDAttributeDecoder"/></Attribute>
16:42 samleese Ah, looks like I just need to provide the NameIDAttributeDecoder the formatter value of "$Name"
16:43 samleese Would I be able to just use StringAttributeDecoder and have it still work?
16:44 mckeanbs Looks like you could, provided the formatting already is as you need
16:44 mckeanbs I once had an IDP not be able to handle displaynameprintable from our ldap, it had put my name as "lastname, firstname"
16:45 mckeanbs So I had to manually make a custom nameid for them and specifically pass the cn, a space, and the sn.
16:45 mckeanbs Please don't make IDPs have to do something like that. :p
16:47 samleese Yeah, I'm not having them change how anything is returned, the message the IdP sends is correct, my SP config was slightly off. Was unaware that NameIDAttributeDecoder had a default format
16:47 samleese Tell me something. Do you know how to config the Shibboleth SP to do HTTP POST, instead of HTTP Redirect?
16:48 mckeanbs That I've never done. Most of my configuration has been of the IDP
16:48 mckeanbs Above I meant I had an SP with that issue, not IDP, whoops*
16:49 samleese Okay, I see in the AuthnRequest request it has Destination="IDP-URI-ID/idp/profile/SAML2/Redirect/SSO" ... I'd like for it to do POST the entire time. Just that SP -> IdP does redirect
16:50 samleese Searches are getting tricky. I keep finding info on the IdP on what I want :P
16:52 samleese Figured removing the Redirect info/routes from the idp-meta.xml and protocols.xml would have done it