Hi Vincent,
I'm glad to hear its working; but could you elaborate on what you've done
to make it work please? (I'd like to understand why it didnšt work if
returned within a Response element.)
Josh.
On 05/07/2013 15:47, "Vincent Giersch" <[log in to unmask]> wrote:
>Hi,
>
>I spotted my bug: the "Assertion" was returned inside a "Response", now I
>return only the "Assertion" and it's ok :) .
>
>Thank you for your help.
>
>Vincent
>
>Le 05/07/2013 13:05, Ť Stefan Paetow ť <[log in to unmask]> a
>écrit :
>
>>Having looked at it further, there are some bits from the assertion that
>>are filtered out.
>>
>>Attributes "carregistration", "cn", "objectclass", "userpassword",
>>"studentcard", "visacard", "sn", "mastercard", "postaladdress", "uid" are
>>not returned in GSS because they don't have a mapping in
>>attribute-map.xml
>>
>>Attribute "edupersonprincipalname" is known, but is not in scoped format
>>(i.e. "principalname@realm"), so the ScopedAttributeDecoder and the
>>attribute filter strip it out.
>>
>>The bits that DO come through are RADIUS attributes 1 (User-Name), 79
>>(EAP-Message) and 80 (Message-Authenticator). The assertion itself is
>>consumed and AFAIK doesn't ever get spat out again as an attribute of its
>>own (although gss-server with -verbose mode usually shows it).
>>
>>Hope that helps more. Thanks for posting your pySAML connector... this
>>helps! :-)
>>
>>Regards
>>
>>Stefan
>>
>>
>>> -----Original Message-----
>>>
>>> Thank you for the reply. I took these configuration file from the last
>>> live DVD: https://gist.github.com/gierschv/5933837
>>> I didn't added my attributes yet since I was thinking that the unknowns
>>> would be just filtered.
>>
>>
>>--
>>This e-mail and any attachments may contain confidential, copyright and
>>or privileged material, and are for the use of the intended addressee
>>only. If you are not the intended addressee or an authorised recipient of
>>the addressee please notify us of receipt by returning the e-mail and do
>>not use, copy, retain, distribute or disclose the information in or
>>attached to the e-mail.
>>Any opinions expressed within this e-mail are those of the individual and
>>not necessarily of Diamond Light Source Ltd.
>>Diamond Light Source Ltd. cannot guarantee that this e-mail or any
>>attachments are free from viruses and we cannot accept liability for any
>>damage which you may sustain as a result of software viruses which may be
>>transmitted in or with the message.
>>Diamond Light Source Limited (company no. 4375679). Registered in England
>>and Wales with its registered office at Diamond House, Harwell Science
>>and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom
>>
Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
|