Hi Vincent, 

I suspect that it's not the assertion at fault, but rather the Shibboleth configuration you have. Could you possibly show us shibboleth2.xml and attribute-map.xml?

The reason I say this is because in the log you have, these warnings occur:

711.2013-07-05 01:15:31 DEBUG Shibboleth.AttributeExtractor.XML : unable to extract attributes, unknown XML object type: {urn:mace:shibboleth:2.0:attribute-map}GSSAPIName
713.2013-07-05 01:15:31 WARN Shibboleth.AttributeResolver.Query : can't attempt attribute query, either no NameID or no metadata to use

The first one specifically would be the one I would start hunting down. There are lots of DEBUG statements before that that show that Shibboleth has parsed the assertion, but something after that goes wrong. 

P.S. I would be interested in seeing how you use PySAML2 for our use here at DLS. :-)

Stefan


> -----Original Message-----
> From: Moonshot community list [mailto:MOONSHOT-
> [log in to unmask]] On Behalf Of Vincent Giersch
> Sent: 05 July 2013 01:29
> To: [log in to unmask]
> Subject: SAML assertion not returned in the GSS attributes
> 
> Hi,
> 
> I meet a strange problem: I build a testing SAML assertion with PySAML2
> (http://pastebin.com/nnTh2SyG), return it in the RADIUS reply
> (http://pastebin.com/9LvSgmSj) but the assertion is not returned as an
> attribute and I don't see any parsing error in my debug log
> (http://pastebin.com/MiDeeR35).
> 
> Would someone have a potential solution that could help me to
> understand what is going wrong with this assertion?
> 
> Thanks in advance,
> Vincent
