On Wed, 9 May 2018, Peter Schober wrote:
BINGO! This was the info I didn't understand. Wish I'd got it a few years
back. The solution was much easier than I thought.
May 09 15:43:39 simplesamlphp ERROR [ab3baca655] Backtrace:
May 09 15:43:39 simplesamlphp ERROR [ab3baca655] 0 /usr/share/simplesamlphp/www/module.php:180 (N/A)
May 09 15:43:39 simplesamlphp ERROR [ab3baca655] Caused by: Exception: core:TargetedID: Missing UserID for this user. Please check the 'userid.attribute' option in the metadata against the attributes provided by the authentication source.
Now I only have to understand the attributes in AD, and somehow get SSP to
use them.
May 09 15:43:39 simplesamlphp DEBUG [ab3baca655] <AttributeStatement>
May 09 15:43:39 simplesamlphp DEBUG [ab3baca655] <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn">
May 09 15:43:39 simplesamlphp DEBUG [ab3baca655] <AttributeValue>har...@arcada.fi</AttributeValue>
May 09 15:43:39 simplesamlphp DEBUG [ab3baca655] </Attribute>
May 09 15:43:39 simplesamlphp DEBUG [ab3baca655] <Attribute Name="uid">
May 09 15:43:39 simplesamlphp DEBUG [ab3baca655] <AttributeValue>harald</AttributeValue>
May 09 15:43:39 simplesamlphp DEBUG [ab3baca655] </Attribute>
May 09 15:43:39 simplesamlphp DEBUG [ab3baca655] </AttributeStatement>
I tried mapping upn and
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn to
edupersonprincipalname in the beginning of authproc.idp, but I'm not sure if
I'm really understanding where the proper place to do this would be.
Oh how easy the days when attributes had short names :)
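
Added example, not part of the original message and not the poster's configuration: an authproc.idp fragment in which the claim URI from the debug log is renamed before core:TargetedID runs, so the filter finds its user ID attribute. It assumes SimpleSAMLphp 1.x option names (`attributename` for core:TargetedID); the priorities 10 and 20 are illustrative.

```php
<?php
// config/config.php (fragment, added example).
// Filters in authproc.idp run in ascending order of their numeric key,
// so the rename must have a lower key than the filter that consumes it.
$config = [
    'authproc.idp' => [
        // Step 1: rename the AD FS claim URI (as seen in the
        // AttributeStatement in the debug log) to a short name.
        // core:AttributeMap replaces the original attribute name
        // with the new one.
        10 => [
            'class' => 'core:AttributeMap',
            'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'
                => 'eduPersonPrincipalName',
        ],

        // Step 2: derive the targeted ID from the renamed attribute.
        // 'attributename' is assumed here (1.x option name). If it is
        // left out, the filter falls back to the 'userid.attribute'
        // option in the metadata, which is the option the exception
        // message points at.
        20 => [
            'class' => 'core:TargetedID',
            'attributename' => 'eduPersonPrincipalName',
        ],
    ],
];
```

The targeted ID is computed from the value of that attribute, so the source attribute should be one that stays stable for a given user.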