IDP attributes are empty

[Sreejith K]

Hello,

I have configured SimpleSAML SP and Shiboleth IDP successfully and am able to login.
But I am not getting any attributes from IDP. Below is the error log.


/var/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:423 (sspmod_saml_Auth_Source_SP::handleResponse)
/var/simplesamlphp/modules/saml/www/sp/saml1-acs.php:80 (require)
/var/simplesamlphp/www/module.php:135 (N/A)
SimpleSAML_Error_Exception: Error 8 - Undefined index:  saml:sp:SessionIndex

/var/simplesamlphp/www/_include.php:56 (SimpleSAML_error_handler)
/var/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:424 (sspmod_saml_Auth_Source_SP::handleResponse)
/var/simplesamlphp/modules/saml/www/sp/saml1-acs.php:80 (require)

Filter config for http://idp.asm.org/idp/shibboleth->https://iplat1.shib.impelsys.com/simplesaml/module.php/saml/sp/metadata.php/default-sp: array (  0 =>   sspmod_core_Auth_Process_AttributeLimit::__set_state(array(     'allowedAttributes' =>     array (    ),     'isDefault' => false,     'priority' => 50,  )),  1 =>   sspmod_core_Auth_Process_GenerateGroups::__set_state(array(     'generateGroupsFrom' =>     array (      0 => 'eduPersonAffiliation',    ),     'priority' => 60,  )),  2 =>   sspmod_core_Auth_Process_AttributeAdd::__set_state(array(     'replace' => false,     'attributes' =>     array (      'groups' =>       array (        0 => 'users',        1 => 'members',      ),    ),     'priority' => 61,  )),  3 =>   sspmod_core_Auth_Process_LanguageAdaptor::__set_state(array(     'langattr' => 'preferredLanguage',     'priority' => 90,  )),)
GenerateGroups - attribute 'eduPersonAffiliation' not found.
Deleting state: '_7f1f5a936c4944f4e12b776332c47001c8744b2a6a'
Session: doLogin("default-sp")
Session: Valid session found with 'default-sp'.


Regard
Sreejith

[Olav Morken]

On Tue, Apr 12, 2011 at 12:48:39 +0530, Sreejith K wrote:
> Hello,
>
> I have configured SimpleSAML SP and Shiboleth IDP successfully and am able
> to login.
> But I am not getting any attributes from IDP. Below is the error log.
>
>
> /var/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:423
> (sspmod_saml_Auth_Source_SP::handleResponse)
> /var/simplesamlphp/modules/saml/www/sp/saml1-acs.php:80 (require)
> /var/simplesamlphp/www/module.php:135 (N/A)
> SimpleSAML_Error_Exception: Error 8 - Undefined index: saml:sp:SessionIndex

This is a minor warning that shouldn't affect the result.
It should still be fixed though, so I will look at it.

Are you certain that the IdP actually sends any attributes to your SP?
You could set the 'debug' option in config.php. That will cause the
response we receive from the IdP to be logged.

Regards,
Olav Morken
UNINETT / Feide

[Sreejith K]

Now I have configured the SP and IDP with SAML2 and am getting  below error from IDP side.

message did not meet security requirements.

Gone thru various articles and saw that this is the time synchronization issue with IDP and SP. Is there any setting in simpleSAML to resolve this?

--
You received this message because you are subscribed to the Google Groups "simpleSAMLphp" group.
To post to this group, send email to simple...@googlegroups.com.
To unsubscribe from this group, send email to simplesamlph...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/simplesamlphp?hl=en.

[Dyonisius Visser]

On 12 April 2011 11:42, Sreejith K <ksree...@gmail.com> wrote:

> Gone thru various articles and saw that this is the time synchronization
> issue with IDP and SP. Is there any setting in simpleSAML to resolve this?

This is done in /etc/ntp.conf.

--
Dyonisius Visser
System & Networking Engineer
TERENA Secretariat
Singel 468 D, 1017 AW Amsterdam
The Netherlands
T +31 20 530 44 88 F +31 20 530 44 99
vis...@terena.org | www.terena.org