oiosaml SP with simplesaml IDP

Salvatore Leone

Jul 30, 2009, 10:47:45 AM
to simple...@googlegroups.com
Hello,

We have configured a simplesamlphp IDP and SP and it's all working fine.

Now I need to use OIOSaml, which is a Java SP. The test installation
works fine and correctly authenticates the user. But there is a problem. I
can't access the 'username' variable, which in my simplesamlphp
configuration holds the user name (easy to remember, isn't it?)

Using the simplesamlphp SP all the attributes are accessible via the
$session = SimpleSAML_Session::getInstance();

But we can't find anything similar in OIOSaml. I know I should ask on the
OIOSaml forum or mailing list and I would do that if they had one...

So I hope one of you has faced OIOSaml and can help me.

-Salvatore

Mark Nelson

Jul 30, 2009, 10:57:38 AM
to simple...@googlegroups.com
Salvatore-

You can retrieve the attributes from the UserAssertion object in OIOSaml
like so:

UserAssertion ua = UserAssertionHolder.get();
if (ua.isAuthenticated()) {
    String userName = ua.getAttribute("username").getValue();
    ....
}

Thanks,

Mark

Salvatore Leone

Jul 30, 2009, 11:33:56 AM
to simple...@googlegroups.com
Mark Nelson wrote:

> Salvatore-
>
> You can retrieve the attributes from the UserAssertion object in OIOSaml
> like so:
>
> UserAssertion ua = UserAssertionHolder.get();
> if (ua.isAuthenticated()) {
> String userName = ua.getAttribute("username").getValue();
> ....
>
>
Thanks for your answer.

This code brings us to a NullPointerException...

We also wrote this one:

for (UserAttribute a : ua.getAllAttributes()) {
%><li><%= a.toString() %></li><%
}

but nothing's printed, so there are no user attributes.

Could it be a misconfiguration of simplesamlphp or oiosaml or both?

thanks again,
-Salvatore

Salvatore Leone

Jul 31, 2009, 9:31:08 AM
to simple...@googlegroups.com
Salvatore Leone wrote:

> Mark Nelson wrote:
>
>> Salvatore-
>>
>> You can retrieve the attributes from the UserAssertion object in OIOSaml
>> like so:
>>
>> UserAssertion ua = UserAssertionHolder.get();
>> if (ua.isAuthenticated()) {
>> String userName = ua.getAttribute("username").getValue();
>> ....
>>
>>
>>
Maybe I've got some other useful information. At least one of the OIOSaml
developers answered us, and he says that to use AttributeQuery, the
IdP metadata must contain an AttributeAuthorityDescriptor element.

I'm pretty sure there isn't such an element in my IdP metadata.

So I think I have to add it in some way... do any of you know how? And why
can the simplesaml SP installation read all the attributes without this
element?

-Salvatore

Olav Morken

Aug 3, 2009, 1:41:07 AM
to simple...@googlegroups.com

SimpleSAMLphp includes the attributes in the authentication response,
so no additional query is required by the SP to retrieve the attributes.
The AttributeQuery protocol is not supported by simpleSAMLphp. If there
is no option to make OIOSaml use the attributes it receives in the
authentication response, simpleSAMLphp and OIOSaml are currently
incompatible.

--
Olav Morken
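
Added example, not part of the original posts: a small Python check of the point above, showing whether an attribute such as 'username' arrives in the authentication response itself or could only come from an AttributeQuery. The function names, return labels and sample XML are constructed for illustration; the script does no signature validation.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "md": "urn:oasis:names:tc:SAML:2.0:metadata"}

def response_attributes(root):
    """Map attribute Name -> list of values from every AttributeStatement."""
    found = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found

def diagnose(saml_response_b64, idp_metadata_xml, wanted="username"):
    """Say where the SP should expect `wanted` to come from.
    Debugging aid only: it does not verify signatures or conditions."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if wanted in response_attributes(root):
        return "in-response"        # SP should read it from the assertion
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        return "encrypted"          # decrypt first, then look again
    md = ET.fromstring(idp_metadata_xml)
    if md.find(".//md:AttributeAuthorityDescriptor", NS) is not None:
        return "attribute-query"    # IdP advertises an attribute authority
    return "not-released"           # check attribute release on the IdP

# Constructed sample data (not captured from a real deployment).
SAMPLE_RESPONSE = base64.b64encode(b"""
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="username">
        <saml:AttributeValue>salvatore</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>""").decode()
SAMPLE_IDP_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://idp.example.org/metadata">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(diagnose(SAMPLE_RESPONSE, SAMPLE_IDP_METADATA))
```

Feed it the base64 SAMLResponse form field captured from the browser POST to the SP's assertion consumer URL, plus the IdP metadata the SP was configured with.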

Victoriano Giralt

Aug 3, 2009, 3:35:11 AM
to simple...@googlegroups.com
On 3/8/09 07:41, Olav Morken wrote:
> SimpleSAMLphp includes the attributes in the authentication response,
> so no additional query is required by the SP to retrieve the attributes.
> The AttributeQuery protocol is not supported by simpleSAMLphp. If there
> is no option to make OIOSaml use the attributes it receives in the
> authentication response, simpleSAMLphp and OIOSaml are currently
> incompatible.

An external provider has made OIOSAML work as an SP for authenticating
our oracle Portal to our SimpleSAMLphp IdP, so it can be done, but I do
not know the nitty gritty details, and I'll be away from my systems
today. I'll report tomorrow if there's been no other response.

--
Victoriano Giralt
Systems Manager
Central ICT Services
University of Malaga
SPAIN

Salvatore Leone

Aug 3, 2009, 3:50:43 AM
to simple...@googlegroups.com

> An external provider has made OIOSAML work as an SP for authenticating
> our oracle Portal to our SimpleSAMLphp IdP, so it can be done, but I do
> not know the nitty gritty details, and I'll be away from my systems
> today. I'll report tomorrow if there's been no other response.
>

I really appreciate any information you can provide me!


-Salvatore


Brook Schofield

Aug 3, 2009, 5:21:08 AM
to simple...@googlegroups.com
Attached is a modified version of the KU Leuven shibenv.jsp
http://shib.kuleuven.be/download/sp/test_scripts/ that displays the
attributes from OIOSAML.java that are provided by our simpleSAMLphp
IdP. Hopefully it has some value to you.

-Brook

--
===========================================
Brook Schofield, TERENA Project Development Officer
TERENA Secretariat, Singel 468 D, 1017 AW Amsterdam, The Netherlands
Tel +31 20 530 4488 Fax +31 20 530 4499 Mob +31 65 155 3991
www.terena.org

shibenv.jsp

Joakim Recht

Aug 3, 2009, 7:58:18 AM
to simple...@googlegroups.com
Salvatore Leone wrote:
> This code brings us to a NullPointerException...
>
> We also wrote this one:
>
> for (UserAttribute a : ua.getAllAttributes()) {
> %><li><%= a.toString() %></li><%
> }
>
> but nothing's printed, so there are no user attributes.
>
> Could it be a misconfiguration of simplesamlphp or oiosaml or both?

Hi

This is probably a misconfiguration of the IdP, otherwise the received
attributes should be printed here.

Regards,
--
Joakim Recht

Trifork A/S, Margrethepladsen 4, 8000 Aarhus C, Denmark
Phone: +45 8732 8787 / Mobile: +45 2021 6257
http://www.trifork.com - E-mail: j...@trifork.com

Salvatore Leone

Aug 3, 2009, 9:18:32 AM
to simple...@googlegroups.com
Joakim Recht wrote:

> Hi
>
> This is probably a misconfiguration of the IdP, otherwise the received
> attributes should be printed here.
>
> Regards,
>


I installed my own oiosaml sp, and everything works fine (I can see the
'username' attribute). It is probably a misconfiguration in the oiosaml
installation of my work associate.

I don't know what he did, but I think I can fix it now.

Thanks everybody for helping me.

-Salvatore
