Thanks Sara,
I wasn't sure if I needed to go via our institutional contact (who is
the main contact for the federation) to raise queries with UK
Federation/SDSS?
The attributes your referring to are probably from our 1.3 IdP. I was
checking this occasionally (mainly for my own sanity). The attribute
policy is deliberately bad. It's just for our small team, All of whom
have accounts via the main institutional IdP, and all have been warned
that our IdP is bad in terms of privacy/DPA (most of our details are in
the public domain anyway). The majority of the time it's only used by
me to demonstrate a working IdP (or is that semi-working with my
mis-configured eduPersonAffiliation attribute?)
This issues I'm having are with some 2.0 IdP's. If I give you the
details of the two entities I'm trying to get working are you able to
check the logs for me? (one is registered to us, another is registered
to an institution I'm assisting in setting up their IdP). Do you need
me to raise this via the UK Federation / JANET (UK) Helpdesk?
Cheers
Jon
> -----Original Message-----
> From: Discussion list for Shibboleth developments [mailto:JISC-
> [log in to unmask]] On Behalf Of Sara Hopkins
> Sent: 06 July 2010 18:10
> To: [log in to unmask]
> Subject: Re: Shib 2.0 - New IdP Install(s) - SAML 1 issues?
>
> Hi Jon,
>
> I'm a member of the SDSS support team, who provide technical support
to
> UK federation members on behalf of JANET(UK). It's generally a good
> idea
> to post these sorts of questions to the UK federation helpdesk email
> address, who will forward them on to us. The reason we're best placed
> to
> help is that, besides being the ones who are paid to provide the
> technical support to which you're entitled, is that we have access to
> the test service provider logs.
>
> I'm not sure why you can't see them, but I can see that you are
> releasing at least some attributes for your SAML1 tests. Two
> eduPersonAffiliation values are being thrown away because you are
> releasing member@scope and staff@scope instead of just member and
staff
> (you don't need a scope for a scoped attribute). In any case, you
don't
> need to release eduPersonAffiliation or most of these other attributes
> anyway. I would just stick with eduPersonScopedAffiliation and
> eduPersonTargetedID for now. No SPs will require you to release things
> like sn or mail.
>
> Please get back to me if you have any queries.
>
> Sara Hopkins
> SDSS Support Team
>
> On 06/07/2010 14:22, Agland J.D. wrote:
> > Hi All,
> > I currently have two new Shibboleth 2.1.5 IdP(s) running on Tomcat
> 6.0
> > (under Windows 2008) - Their seperate installations for seperate
> > domains/organisations.
> > I'm currently using the Federation testsite
> > https://sh2testsp1.iay.org.uk (and https://target.iay.org.uk) to
> verify
> > the functionality of the IdP(s).
> > What I'm experiencing is that when using the SAML 1 testpages I
don't
> > get any attributes passed. Where as using SAML 2 (e.g. Rod's
> Discovery
> > Service), then I do get the attributes passed correctly. It's the
> same
> > on both IdPs.
> > All the logs look fine (even on debug), I can see that those
> attributes
> > are being released. Anyone seen this before. I'm thinking it's
> probably
> > a simple school boy error!?
> > Cheers
> > Jon
> >
---------------------------------------------------------------------
> -
> > Jon Agland E-learning Advisor (Technical)
> > JISC Regional Support Centre (Wales) Phone: 01792 295548
> > Library and Information Services Mobile: 07814 699547
> > Swansea University E-mail: [log in to unmask]
> > Singleton Park Support E-mail: [log in to unmask]
> > Swansea Web: http://www.rsc-wales.ac.uk
> > <https://email.swan.ac.uk/exchweb/bin/redir.asp?URL=http://www.rsc-
> wales.ac.uk>
> > SA2 8PP Blog: http://blogs.rsc-wales.ac.uk/technical
> >
<https://email.swan.ac.uk/exchweb/bin/redir.asp?URL=http://blogs.rsc-
> wales.ac.uk/technical>
> >
---------------------------------------------------------------------
> -
>
>
> --
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
|