Hello Moonshot community,
How can we configure the built-in Shibboleth SP component to use an
external Shibboleth IdP to request authorization data of the authenticated user?
We've rebuilt the moonshot ssh test scenario, set up a little Shibboleth
federation and configured EAP's built-in Shibboleth component in order
to contact an external IdP (without success):
Applying
$ ssh -vvv moonshot@localhost
produces the following shibd output:
2011-09-06 14:54:33 INFO XMLTooling.SecurityHelper : loading
certificate(s) from file (/etc/ssl/public/bwidm-sp01.uni-konstqanz.de.pem)
2011-09-06 14:54:33 INFO Shibboleth.Application : no ListenerService
available, Application remoting disabled
2011-09-06 14:54:33 DEBUG ShibbolethResolver : extracting pushed
attributes...
2011-09-06 14:54:33 DEBUG Shibboleth.AttributeDecoder.Scoped : decoding
ScopedAttribute (eppn) from SAML 2 Attribute
(urn:oid:1.3.6.1.4.1.5923.1.1.1.6) with 1 value(s)
2011-09-06 14:54:33 DEBUG Shibboleth.AttributeDecoder.String : decoding
SimpleAttribute (local-login-user) from SAML 2 Attribute
(urn:oid:1.3.6.1.4.1.5923.1.1.1.7) with 1 value(s)
2011-09-06 14:54:33 DEBUG Shibboleth.AttributeExtractor.XML : unable to
extract attributes, unknown XML object type:
{urn:mace:shibboleth:2.0:attribute-map}GSSAPIName
2011-09-06 14:54:33 DEBUG Shibboleth.AttributeFilter : filtering 2
attribute(s) from (unknown source)
2011-09-06 14:54:33 DEBUG Shibboleth.AttributeFilter : applying
filtering rule(s) for attribute (eppn) from (unknown source)
2011-09-06 14:54:33 WARN Shibboleth.AttributeFilter : removed value at
position (0) of attribute (eppn) from (unknown source)
2011-09-06 14:54:33 DEBUG Shibboleth.AttributeFilter : applying
filtering rule(s) for attribute (local-login-user) from (unknown source)
2011-09-06 14:54:33 WARN Shibboleth.AttributeFilter : no values left,
removing attribute (eppn) from (unknown source)
2011-09-06 14:54:33 DEBUG ShibbolethResolver : resolving attributes...
2011-09-06 14:54:33 DEBUG Shibboleth.AttributeResolver.Query : found
AttributeStatement in input to new session, skipping query
2011-09-06 14:54:33 INFO Shibboleth.AttributeExtractor.XML : reload
thread started...running when signaled
2011-09-06 14:54:33 INFO Shibboleth.AttributeFilter : reload thread
started...running when signaled
2011-09-06 14:54:33 INFO OpenSAML.MetadataProvider.XML : reload thread
started...running every 7200 seconds
Best regards,
Markus
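
An added example, not part of the original message or of the Moonshot or Shibboleth code: a small Python triage script that rejoins mail-wrapped shibd records like the ones above and reports which attributes the AttributeFilter stripped and which XML object types the extractor did not recognise. The function names and the returned dictionary layout are assumptions made for this illustration.

```python
import re

# Lines copied from the shibd log in the post, still mail-wrapped.
SAMPLE = """\
2011-09-06 14:54:33 DEBUG Shibboleth.AttributeExtractor.XML : unable to
extract attributes, unknown XML object type:
{urn:mace:shibboleth:2.0:attribute-map}GSSAPIName
2011-09-06 14:54:33 WARN Shibboleth.AttributeFilter : removed value at
position (0) of attribute (eppn) from (unknown source)
2011-09-06 14:54:33 WARN Shibboleth.AttributeFilter : no values left,
removing attribute (eppn) from (unknown source)
"""

START = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+) (\S+) : (.*)$")
REMOVED_VALUE = re.compile(r"removed value at position \((\d+)\) of attribute \((\S+?)\)")
DROPPED = re.compile(r"no values left, removing attribute \((\S+?)\)")
UNKNOWN_TYPE = re.compile(r"unable to extract attributes, unknown XML object type: (\S+)")

def unwrap(text):
    """Rejoin wrapped continuation lines onto the timestamped record they belong to."""
    records = []
    for line in text.splitlines():
        m = START.match(line)
        if m:
            records.append(list(m.groups()))   # [timestamp, level, category, message]
        elif records and line.strip():
            records[-1][3] += " " + line.strip()
    return records

def summarize(text):
    """Collect filter removals and extractor failures from a shibd log excerpt."""
    out = {"values_removed": {}, "attributes_dropped": [], "unknown_types": []}
    for _ts, _level, category, msg in unwrap(text):
        if category == "Shibboleth.AttributeFilter":
            if (m := REMOVED_VALUE.search(msg)):
                out["values_removed"].setdefault(m.group(2), []).append(int(m.group(1)))
            elif (m := DROPPED.search(msg)):
                out["attributes_dropped"].append(m.group(1))
        elif category == "Shibboleth.AttributeExtractor.XML":
            if (m := UNKNOWN_TYPE.search(msg)):
                out["unknown_types"].append(m.group(1))
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```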