cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Dubravko Voncina <dubravko.voncina AT srce.hr>
- To: Alfonso Sparano <asparano AT unisa.it>, cat-users AT lists.geant.org
- Subject: Re: [[cat-users]] idp problem
- Date: Wed, 4 May 2016 19:18:03 +0200
Hello Alfonso,
It seems that your IdP provides invalid eduPersonTargetedID attribute name. For example, AttributeStatement from your IdP looks like:
<saml2:AttributeStatement>
...
<saml2:Attribute FriendlyName="eduPersonTargetedID" Name="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue>...</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
but instead of "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", attribute name should be "urn:oid:1.3.6.1.4.1.5923.1.1.1.10" like in the following example:
<saml:AttributeStatement>
...
<saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
>
<saml:AttributeValue xsi:type="xs:string"> ... </saml:AttributeValue>
</saml:Attribute>
...
</saml:AttributeStatement>
Best regards,
Dubravko Voncina
Middleware and Data Services Department
University of Zagreb, University Computing Centre, www.srce.unizg.hr
dubravko.voncina AT srce.hr,
tel: +385 98 219273, fax: +385 1 6165559
On 03.05.2016 16:12, Alfonso Sparano wrote:
Hello,
I’m Alfonso Sparano from Università di Salerno. We are trying to
configure our shibboleth idp (we are member of IDEM Federation) to
access cat resource.
We receive this error after that your SP redirect on our IDP:
In our idp I’ve configured the metadata and we also send
eduPersonTargetedID, as you can see from this log:
16:06:34.068 - INFO [Shibboleth-Audit:970] -
20160503T140634Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_a33d2050d137a2193692c291723f2fdf1fc16889d3|https://monitor.eduroam.org/sp/module.php/saml/sp/metadata.php/default-sp|urn:mace:shibboleth:2.0:profiles:saml2:sso|https://idem.unisa.it/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_8df65aa4fa6cef542e01cb614488f5a2|asparano|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonScopedAffiliation,transientId,eduPersonTargetedID,|_a0c5cecf386c3a08e9c85b2cd9530764||
Could you help us to resolve this issue?
Best regards
Alfonso Sparano
To unsubscribe, send this message:
mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link:
https://lists.geant.org/sympa/sigrequest/cat-users
- [[cat-users]] idp problem, Alfonso Sparano, 05/03/2016
- Re: [[cat-users]] idp problem, Stefan Winter, 05/04/2016
- [[cat-users]] R: idp problem, Alfonso Sparano, 05/04/2016
- Re: [[cat-users]] idp problem, Dubravko Voncina, 05/04/2016
- Re: [[cat-users]] idp problem, Stefan Winter, 05/04/2016
Archive powered by MHonArc 2.6.19.