[prev in list] [next in list] [prev in thread] [next in thread]
List: shibboleth-users
Subject: Re: Shib 4.0.1, repeated attributes in SAML assertions
From: Jeffrey Williams via users <users () shibboleth ! net>
Date: 2021-02-22 18:44:47
Message-ID: CAOvV0TTGmDejFFPgNwaa9Lccxo=xk5WXTTwSOBbrSj0X0M+yjA () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
That was indeed it. Thanks, Chris!
On Fri, Feb 19, 2021 at 6:07 PM Christopher Bongaarts via users <
users@shibboleth.net> wrote:
> On 2/19/2021 3:57 PM, Jeffrey Williams via users wrote:
> > An issue has cropped up in our dev environment where certain
> > attributes are being asserted twice in outgoing SAML assertions. The
> > debug logs seem to indicate that the attributes in question are
> > resolving with the expected values and go through deduplication as one
> > would expect.
> >
> > However, the outgoing SAML assertion is logged and sent with certain
> > attributes having duplicate entries. It seems to be the same
> > attributes each time.
>
> Usual cause of this would be the new Attribute Registry feature in 4.0
> and the old AttributeEncoder in attribute-resolver.xml causing the
> multiple encodings. Check the General Configuration section on:
>
>
> https://wiki.shibboleth.net/confluence/display/IDP4/AttributeRegistryConfiguration
>
> to see where to start looking...
>
> --
> %% Christopher A. Bongaarts %% cab@umn.edu %%
> %% OIT - Identity Management %% http://umn.edu/~cab %%
> %% University of Minnesota %% +1 (612) 625-1809 %%
>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe@shibboleth.net
>
--
Jeffrey Williams
Identity & Access Engineer
Identity & Access Services
https://its.uncg.edu
[Attachment #5 (text/html)]
<div dir="ltr">That was indeed it. Thanks, \
Chris!<div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">On Fri, Feb 19, 2021 at 6:07 PM Christopher Bongaarts via users \
<<a href="mailto:users@shibboleth.net">users@shibboleth.net</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 2/19/2021 3:57 PM, \
Jeffrey Williams via users wrote:<br> > An issue has cropped up in our dev \
environment where certain <br> > attributes are being asserted twice in outgoing \
SAML assertions. The <br> > debug logs seem to indicate that the attributes in \
question are <br> > resolving with the expected values and go through \
deduplication as one <br> > would expect.<br>
><br>
> However, the outgoing SAML assertion is logged and sent with certain <br>
> attributes having duplicate entries. It seems to be the same <br>
> attributes each time.<br>
<br>
Usual cause of this would be the new Attribute Registry feature in 4.0 <br>
and the old AttributeEncoder in attribute-resolver.xml causing the <br>
multiple encodings. Check the General Configuration section on:<br>
<br>
<a href="https://wiki.shibboleth.net/confluence/display/IDP4/AttributeRegistryConfiguration" \
rel="noreferrer" target="_blank">https://wiki.shibboleth.net/confluence/display/IDP4/AttributeRegistryConfiguration</a><br>
<br>
to see where to start looking...<br>
<br>
-- <br>
%% Christopher A. Bongaarts %% <a href="mailto:cab@umn.edu" \
target="_blank">cab@umn.edu</a> %%<br> %% OIT - Identity Management \
%% <a href="http://umn.edu/~cab" rel="noreferrer" \
target="_blank">http://umn.edu/~cab</a> %%<br> %% University of Minnesota %% \
+1 (612) 625-1809 %%<br> <br>
-- <br>
For Consortium Member technical support, see <a \
href="https://wiki.shibboleth.net/confluence/x/coFAAg" rel="noreferrer" \
target="_blank">https://wiki.shibboleth.net/confluence/x/coFAAg</a><br> To \
unsubscribe from this list send an email to <a \
href="mailto:users-unsubscribe@shibboleth.net" \
target="_blank">users-unsubscribe@shibboleth.net</a><br> </blockquote></div><br \
clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div \
dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div \
dir="ltr"><div><div dir="ltr">Jeffrey Williams </div><div dir="ltr">Identity & \
Access Engineer<br>Identity & Access Services<br><a href="https://its.uncg.edu" \
target="_blank">https://its.uncg.edu</a></div></div><div dir="ltr"><br></div><div \
dir="ltr"><img src="https://uncgcdn.blob.core.windows.net/email/UNCGLogo.png"><br></div></div></div></div></div></div></div></div></div>
--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic