Hi,
I spotted my bug: the "Assertion" was returned inside a "Response", now I
return only the "Assertion" and it's ok :) .
Thank you for your help.
Vincent
Le 05/07/2013 13:05, « Stefan Paetow » <[log in to unmask]> a
écrit :
>Having looked at it further, there are some bits from the assertion that
>are filtered out.
>
>Attributes "carregistration", "cn", "objectclass", "userpassword",
>"studentcard", "visacard", "sn", "mastercard", "postaladdress", "uid" are
>not returned in GSS because they don't have a mapping in attribute-map.xml
>
>Attribute "edupersonprincipalname" is known, but is not in scoped format
>(i.e. "principalname@realm"), so the ScopedAttributeDecoder and the
>attribute filter strip it out.
>
>The bits that DO come through are RADIUS attributes 1 (User-Name), 79
>(EAP-Message) and 80 (Message-Authenticator). The assertion itself is
>consumed and AFAIK doesn't ever get spat out again as an attribute of its
>own (although gss-server with -verbose mode usually shows it).
>
>Hope that helps more. Thanks for posting your pySAML connector... this
>helps! :-)
>
>Regards
>
>Stefan
>
>
>> -----Original Message-----
>>
>> Thank you for the reply. I took these configuration file from the last
>> live DVD: https://gist.github.com/gierschv/5933837
>> I didn't added my attributes yet since I was thinking that the unknowns
>> would be just filtered.
>
>
>--
>This e-mail and any attachments may contain confidential, copyright and
>or privileged material, and are for the use of the intended addressee
>only. If you are not the intended addressee or an authorised recipient of
>the addressee please notify us of receipt by returning the e-mail and do
>not use, copy, retain, distribute or disclose the information in or
>attached to the e-mail.
>Any opinions expressed within this e-mail are those of the individual and
>not necessarily of Diamond Light Source Ltd.
>Diamond Light Source Ltd. cannot guarantee that this e-mail or any
>attachments are free from viruses and we cannot accept liability for any
>damage which you may sustain as a result of software viruses which may be
>transmitted in or with the message.
>Diamond Light Source Limited (company no. 4375679). Registered in England
>and Wales with its registered office at Diamond House, Harwell Science
>and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom
>
|