'Re: Shib 4.0.1, repeated attributes in SAML assertions'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shibboleth-users
Subject:    Re: Shib 4.0.1, repeated attributes in SAML assertions
From:       Jeffrey Williams via users <users () shibboleth ! net>
Date:       2021-02-22 18:44:47
Message-ID: CAOvV0TTGmDejFFPgNwaa9Lccxo=xk5WXTTwSOBbrSj0X0M+yjA () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


That was indeed it.  Thanks, Chris!



On Fri, Feb 19, 2021 at 6:07 PM Christopher Bongaarts via users <
users@shibboleth.net> wrote:

> On 2/19/2021 3:57 PM, Jeffrey Williams via users wrote:
> > An issue has cropped up in our dev environment where certain
> > attributes are being asserted twice in outgoing SAML assertions.  The
> > debug logs seem to indicate that the attributes in question are
> > resolving with the expected values and go through deduplication as one
> > would expect.
> >
> > However, the outgoing SAML assertion is logged and sent with certain
> > attributes having duplicate entries.  It seems to be the same
> > attributes each time.
>
> Usual cause of this would be the new Attribute Registry feature in 4.0
> and the old AttributeEncoder in attribute-resolver.xml causing the
> multiple encodings.  Check the General Configuration section on:
>
>
> https://wiki.shibboleth.net/confluence/display/IDP4/AttributeRegistryConfiguration
>
> to see where to start looking...
>
> --
> %%  Christopher A. Bongaarts   %%  cab@umn.edu          %%
> %%  OIT - Identity Management  %%  http://umn.edu/~cab  %%
> %%  University of Minnesota    %%  +1 (612) 625-1809    %%
>
> --
> For Consortium Member technical support, see
> https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to
> users-unsubscribe@shibboleth.net
>


-- 
Jeffrey Williams
Identity & Access Engineer
Identity & Access Services
https://its.uncg.edu

[Attachment #5 (text/html)]

<div dir="ltr">That was indeed it.   Thanks, \
Chris!<div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">On Fri, Feb 19, 2021 at 6:07 PM Christopher Bongaarts via users \
&lt;<a href="mailto:users@shibboleth.net">users@shibboleth.net</a>&gt; \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 2/19/2021 3:57 PM, \
Jeffrey Williams via users wrote:<br> &gt; An issue has cropped up in our dev \
environment where certain <br> &gt; attributes are being asserted twice in outgoing \
SAML assertions.   The <br> &gt; debug logs seem to indicate that the attributes in \
question are <br> &gt; resolving with the expected values and go through \
deduplication  as one <br> &gt; would expect.<br>
&gt;<br>
&gt; However, the outgoing SAML assertion is logged and sent with certain <br>
&gt; attributes having duplicate entries.   It seems to be the same <br>
&gt; attributes each time.<br>
<br>
Usual cause of this would be the new Attribute Registry feature in 4.0 <br>
and the old AttributeEncoder in attribute-resolver.xml causing the <br>
multiple encodings.   Check the General Configuration section on:<br>
<br>
<a href="https://wiki.shibboleth.net/confluence/display/IDP4/AttributeRegistryConfiguration" \
rel="noreferrer" target="_blank">https://wiki.shibboleth.net/confluence/display/IDP4/AttributeRegistryConfiguration</a><br>
 <br>
to see where to start looking...<br>
<br>
-- <br>
%%   Christopher A. Bongaarts     %%   <a href="mailto:cab@umn.edu" \
target="_blank">cab@umn.edu</a>               %%<br> %%   OIT - Identity Management   \
%%   <a href="http://umn.edu/~cab" rel="noreferrer" \
target="_blank">http://umn.edu/~cab</a>   %%<br> %%   University of Minnesota      %% \
+1 (612) 625-1809      %%<br> <br>
-- <br>
For Consortium Member technical support, see <a \
href="https://wiki.shibboleth.net/confluence/x/coFAAg" rel="noreferrer" \
target="_blank">https://wiki.shibboleth.net/confluence/x/coFAAg</a><br> To \
unsubscribe from this list send an email to <a \
href="mailto:users-unsubscribe@shibboleth.net" \
target="_blank">users-unsubscribe@shibboleth.net</a><br> </blockquote></div><br \
clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div \
dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div \
dir="ltr"><div><div dir="ltr">Jeffrey Williams  </div><div dir="ltr">Identity &amp; \
Access Engineer<br>Identity &amp; Access Services<br><a href="https://its.uncg.edu" \
target="_blank">https://its.uncg.edu</a></div></div><div dir="ltr"><br></div><div \
dir="ltr"><img src="https://uncgcdn.blob.core.windows.net/email/UNCGLogo.png"><br></div></div></div></div></div></div></div></div></div>




-- 
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic