IRC log for #shibboleth, 2016-08-24

All times shown according to UTC.

Time Nick Message
01:48 ilbot3 joined ##shibboleth
11:36 pdurbin joined ##shibboleth
11:46 OSInet joined ##shibboleth
11:49 OSInet Hello. I set up an SP and can now get the attributes in my session, but I'm still missing the NameID, although the data posted by the IdP after auth contains <saml2:NameID Format="..." NameQualifier="..." SPNameQualifier="...">some account name</saml2:NameID>
11:51 OSInet Beyond attributes, I also get Session-Index, AuthnContext-Class, Authentication-Method, Authentication-Instant, Identity-Provider, Session-ID, Application-ID, and Handler, but no NameID
11:55 pdurbin By default, some attributes in /etc/shibboleth/attribute-map.xml are commented out.
11:58 OSInet hello. Yes, I saw that and configured it: but there is nothing called nameId in it. I added one just to be sure and indeed it is not present in the data posted by the IdP and I don't receive it.
11:58 OSInet I read that in some setups people generate the NameID from an attribute, but here this is not supposed to be the case, as there is no nameId attribute
11:59 OSInet I see the NameID in transaction.log, BTW
12:02 OSInet FWIW the IdP metadata includes <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
12:04 mckeanbs joined ##shibboleth
12:41 OSInet I raised the shibd.logger levels to debug, but cannot find more information. Is there any tool showing what a response goes through before being passed to the application, so I could check where this information get logs ?
12:41 OSInet s/logs/lost
13:11 pdurbin I've found https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/ helpful
14:07 OSInet joined ##shibboleth
15:12 OSInet pdurbin: I finally found how to do it: the trick was that mapping the saml2:NameID to an attribute uses its Format as the id. (https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAttributeExtractor) Hard to guess.
15:12 OSInet Thanks for trying to help me.
15:43 pdurbin hmm. "The name property corresponds to the Name XML attribute of a SAML <Attribute> element or the Format XML attribute of a SAML <NameID>/<NameIdentifier> element."
17:11 dsouljah joined ##shibboleth
17:11 dsouljah Hello everyone, would anyone know if Identity Provider 3 is compatible with Picketlink 2.1.6? Thank you
17:57 pdurbin dsouljah: you might want to ask the PicketLink folks. Or ask on the shib users mailing list.
18:47 dsouljah Ok thank you.
18:53 pdurbin dsouljah: do you like PicketLink?
19:13 dsouljah My predecessor was the one who decided to go with Picketlink, I think because of its easy integration with JBoss/WildFly. So far it's been nice. 2.1.6 worked flawlessly with Shib2.0, but it seems to be having issues with Shib3.0.
19:16 dsouljah I haven't verified these issues myself, but the other company's team I'm working alongside tells me the issue is not with the IdP, but with our SP...
19:17 dsouljah In the end I'll probably be setting up Shibboleth IdP 3.0 locally and testing their theory on my end.