
List:       forgerock-openam
Subject:    [OpenAM] Problem with making an Attribute Query
From:       victor.ake () forgerock ! com (Victor Ake)
Date:       2011-10-26 18:03:59
Message-ID: 4EA84B8F.9040001 () ForgeRock ! Com

Hi David and Jon,
From the example that David posted to the mailing list, I see that he 
was using the SOAP endpoint, which uses a different mapper than the IDP 
Attribute Mapper; that is why there are no attributes in the response.  
The SOAP endpoint in OpenAM is using X.509 and it has an X.509 mapper.

Attribute Query in OpenAM works fine with the proper mappers and 
bindings.

    Regards,
   Victor


On 26/10/11 15:04, Jon Stockdill wrote:
> David,
> Did you ever get the Attribute Query working?  What were you doing wrong?
> 
> --jon
> 
> 
> On Wed, Aug 24, 2011 at 10:27 AM, David Gillespie <dgillespie at kana.com> wrote:
> > Hi all,
> > 
> > 
> > 
> > I'm running OpenAM in a setup with one SP which is also configured with the
> > AttributeQueryDescriptorType role type.  OpenAM is configured to have a
> > hosted IDP which is also an AttributeAuthority.  I have one Attribute
> > Mapping (uid=uid) configured in the Attribute Mapping section of the IDP's
> > configuration (on the Assertion Processing tab) and I receive this Attribute
> > when I get an Authentication Response, like this:
> > 
> > 
> > 
> > <?xml version="1.0" encoding="UTF-8"?>
> > 
> > <samlp:Response
> > 
> > Destination="..."
> > 
> > ID="s29734a561f9b771a97f3c18b9c864b9dbe9c5bf39"
> > 
> > InResponseTo="a533hb08bc4hjai469772bd9jg245f"
> > 
> > IssueInstant="2011-08-24T14:19:41Z" Version="2.0"
> > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
> > 
> > ...
> > 
> > <saml:AuthnStatement>  ...
> > 
> > </saml:AuthnStatement>
> > 
> > <saml:AttributeStatement>
> > 
> > <saml:Attribute Name="uid">
> > 
> > <saml:AttributeValue
> > 
> > xmlns:xs="http://www.w3.org/2001/XMLSchema"
> > 
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > xsi:type="xs:string">test</saml:AttributeValue>
> > 
> > </saml:Attribute>
> > 
> > </saml:AttributeStatement>
> > 
> > </saml:Assertion>
> > 
> > </samlp:Response>
> > 
> > 
> > 
> > But when I make an Attribute Query via the SOAP endpoint such as the one
> > below:
> > 
> > 
> > 
> > 24-Aug-2011 15:19:42:305 DEBUG [http-8443-1] PROTOCOL_MESSAGE
> > logEncodedMessage
> > 
> > <?xml version="1.0" encoding="UTF-8"?>
> > 
> > <soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
> > 
> > <soap11:Body>
> > 
> > <saml2p:AttributeQuery
> > 
> > 
> > Destination="http://bfs-product-12.lagan.com:8080/opensso/AttributeServiceSoap/default/metaAlias/attributeauthority"
> >  
> > ID="a3112f10c9c8bfc247i93djh5gda273"
> > 
> > IssueInstant="2011-08-24T14:19:42.273Z" Version="2.0"
> > xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
> > 
> > <saml2:Issuer
> > xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">bfs-product-12.lagan.com-cas</saml2:Issuer>
> >  
> > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> > 
> > ...
> > 
> > </ds:Signature>
> > 
> > <saml2:Subject
> > xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
> > 
> > <saml2:NameID
> > 
> > 
> > Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
> > NameQualifier="http://bfs-product-12.lagan.com:8080/opensso">jSAcKrOGPs6wCd/23g/gXn5wcIFP</saml2:NameID>
> >  
> > </saml2:Subject>
> > 
> > <saml2:Attribute FriendlyName="uid"
> > 
> > Name="urn:oid:1.3.6.1.4.1.1466.115.121.1.15"
> > 
> > NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
> > xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"/>
> > 
> > <saml2:Attribute FriendlyName="cn" Name="urn:oid:2.5.4.3"
> > 
> > NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
> > xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"/>
> > 
> > <saml2:Attribute
> > 
> > FriendlyName="urn:oid:1.3.6.1.4.1.1466.115.121.1.15"
> > 
> > Name="uid"
> > 
> > NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
> > xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"/>
> > 
> > <saml2:Attribute FriendlyName="urn:oid:2.5.4.3" Name="cn"
> > 
> > NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
> > xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"/>
> > 
> > </saml2p:AttributeQuery>
> > 
> > </soap11:Body>
> > 
> > </soap11:Envelope>
> > 
> > 
> > 
> > I don't get it.  I just get this response:
> > 
> > 
> > 
> > <?xml version="1.0" encoding="UTF-8"?>
> > 
> > <soap-env:Envelope
> > xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/">
> > 
> > <soap-env:Body>
> > 
> > <samlp:Response ID="s2769e9df36759d8634181b5fb9f1577bf6bda913a"
> > 
> > InResponseTo="a3112f10c9c8bfc247i93djh5gda273"
> > 
> > IssueInstant="2011-08-24T14:19:42Z" Version="2.0"
> > xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
> > 
> > <saml:Issuer
> > xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://bfs-product-12.lagan.com:8080/opensso</saml:Issuer>
> >  
> > <ds:Signature
> > 
> > xmlns:ds="http://www.w3.org/2000/09/xmldsig#">  ...
> > </ds:Signature>
> > 
> > <samlp:Status>
> > 
> > <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success">
> > 
> > </samlp:StatusCode>
> > 
> > </samlp:Status>
> > 
> > <saml:Assertion
> > 
> > ID="s2fd6bac685bcce60edd8e8b9a40097ff5bdad8cbb"
> > 
> > IssueInstant="2011-08-24T14:19:42Z" Version="2.0"
> > xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
> > 
> > <saml:Issuer>http://bfs-product-12.lagan.com:8080/opensso</saml:Issuer>
> > 
> > <saml:Subject>
> > 
> > <saml:NameID
> > 
> > 
> > Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
> > NameQualifier="http://bfs-product-12.lagan.com:8080/opensso">jSAcKrOGPs6wCd/23g/gXn5wcIFP</saml:NameID>
> >  
> > </saml:Subject>
> > 
> > <saml:Conditions NotBefore="2011-08-24T14:09:42Z"
> > NotOnOrAfter="2011-08-24T14:29:42Z">
> > 
> > <saml:AudienceRestriction>
> > 
> > <saml:Audience>...</saml:Audience>
> > 
> > </saml:AudienceRestriction>
> > 
> > </saml:Conditions>
> > 
> > </saml:Assertion>
> > 
> > </samlp:Response>
> > 
> > </soap-env:Body>
> > 
> > </soap-env:Envelope>
> > 
> > 
> > 
> > Does anyone have any idea what I'm doing wrong?
> > 
> > 
> > 
> > Thanks in advance.
> > 
> > 
> > 
> > David
> > 
> > _______________________________________________
> > OpenAM mailing list
> > OpenAM at forgerock.org
> > https://lists.forgerock.org/mailman/listinfo/openam
> > 
> > 

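Added example, not part of the original messages and not OpenAM code: a small Python check for the symptom discussed in this thread, an Attribute Query answered with a `Success` status but no `AttributeStatement`. The function names and sample messages are constructed for illustration; it does not validate signatures, so it is a debugging aid for logged messages, not a trust decision.

```python
import xml.etree.ElementTree as ET

P = "{urn:oasis:names:tc:SAML:2.0:protocol}"
A = "{urn:oasis:names:tc:SAML:2.0:assertion}"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def requested_attributes(query_xml):
    """Names of the attributes an AttributeQuery asks for (bare or SOAP-wrapped)."""
    query = next(ET.fromstring(query_xml).iter(P + "AttributeQuery"))
    return [a.get("Name") for a in query.findall(A + "Attribute")]

def returned_attributes(response_xml):
    """(status URI, {Name: [values]}) taken from every AttributeStatement."""
    root = ET.fromstring(response_xml)
    status = next(root.iter(P + "StatusCode"), None)
    attrs = {}
    for stmt in root.iter(A + "AttributeStatement"):
        for a in stmt.findall(A + "Attribute"):
            values = [v.text or "" for v in a.findall(A + "AttributeValue")]
            attrs.setdefault(a.get("Name"), []).extend(values)
    return (status.get("Value") if status is not None else None), attrs

def diagnose(query_xml, response_xml):
    """Flag the case in this thread: Success status but nothing mapped."""
    status, got = returned_attributes(response_xml)
    missing = [n for n in requested_attributes(query_xml) if n not in got]
    return {"success": status == SUCCESS,
            "empty_success": status == SUCCESS and not got,
            "missing": missing}

# Constructed samples modelled on the messages above (signatures and IDs omitted).
NSDECL = ('xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
          'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"')
QUERY = f"""<samlp:AttributeQuery {NSDECL}>
  <saml:Attribute Name="uid"/><saml:Attribute Name="cn"/>
</samlp:AttributeQuery>"""
EMPTY = f"""<samlp:Response {NSDECL}>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion><saml:Subject/><saml:Conditions/></saml:Assertion>
</samlp:Response>"""
MAPPED = EMPTY.replace("<saml:Conditions/>", "<saml:Conditions/>"
    "<saml:AttributeStatement><saml:Attribute Name=\"uid\">"
    "<saml:AttributeValue>test</saml:AttributeValue>"
    "</saml:Attribute></saml:AttributeStatement>")

if __name__ == "__main__":
    print(diagnose(QUERY, EMPTY))
    print(diagnose(QUERY, MAPPED))
```

A `Success` status alone says nothing about whether attributes were released, so a relying party should treat `empty_success` as "no data" rather than as confirmation of the subject's attributes.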
