Hi,
Thank you for the reply. I took these configuration files from the last
live DVD: https://gist.github.com/gierschv/5933837
I didn't add my attributes yet since I was thinking that the unknowns
would be just filtered.
For the PySAML2, I just wrote a small rlm_python module to fetch real
attributes from a testing LDAP, nothing extraordinary:
https://github.com/gierschv/freeradius_samlldap/blob/master/freeradius_samlldap.py
Vincent
On 05/07/2013 10:27, "Stefan Paetow" <[log in to unmask]> wrote:
>Hi Vincent,
>
>I suspect that it's not the assertion at fault, but rather the Shibboleth
>configuration you have. Could you possibly show us shibboleth2.xml and
>attribute-map.xml?
>
>The reason I say this is because in the log you have, these warnings
>occur:
>
>711.2013-07-05 01:15:31 DEBUG Shibboleth.AttributeExtractor.XML : unable
>to extract attributes, unknown XML object type:
>{urn:mace:shibboleth:2.0:attribute-map}GSSAPIName
>713.2013-07-05 01:15:31 WARN Shibboleth.AttributeResolver.Query : can't
>attempt attribute query, either no NameID or no metadata to use
>
>The first one specifically would be the one I would start hunting down.
>There are lots of DEBUG statements before that that show that Shibboleth
>has parsed the assertion, but something after that goes wrong.
>
>P.S. I would be interested in seeing how you use PySAML2 for our use here
>at DLS. :-)
>
>Stefan
>
>
>> -----Original Message-----
>> From: Moonshot community list [mailto:MOONSHOT-
>> [log in to unmask]] On Behalf Of Vincent Giersch
>> Sent: 05 July 2013 01:29
>> To: [log in to unmask]
>> Subject: SAML assertion not returned in the GSS attributes
>>
>> Hi,
>>
>> I have run into a strange problem: I build a testing SAML assertion with PySAML2
>> (http://pastebin.com/nnTh2SyG), return it in the RADIUS reply
>> (http://pastebin.com/9LvSgmSj) but the assertion is not returned as an
>> attribute and I don't see any parsing error in my debug log
>> (http://pastebin.com/MiDeeR35).
>>
>> Would someone have a potential solution that could help me to
>> understand what is going wrong with this assertion?
>>
>> Thanks in advance,
>> Vincent
>