SP authentification attribute not found [attribute] => uid (again)


Rika Kobayashi

Jan 7, 2021, 6:40:08 PM
to SimpleSAMLphp
This is a Filesender related issue but browsing the Filesender sympa archive seems to suggest this support list may be more appropriate.
I too am getting this error (addressed twice in the Filesender archives, and several times here) which I believe is due to the Filesender auth_sp_saml settings. The replies I have found here appear to be related to using an IdP but I am not going down that route for the moment. I am currently investigating several data serving options in my VM sandbox so not ready to register with an IdP.
Thus I was hoping to use 

   $config['auth_sp_saml_authentication_source'] = 'htpasswd';

but I am not sure what to put in:

$config['admin'] = '';        // String, UID's (from  $config['saml_uid_attribute'])
$config['auth_sp_saml_uid_attribute'] = 'eduPersonTargetedID';

which I am assuming is leading to the error message: [attribute] => uid

I tried various uids and usernames corresponding to my VM admin account and user in .htpasswd to no avail.
I can authenticate successfully with admin and htpasswd in my standalone simplesaml install so I believe I have it configured correctly and it is a Filesender mismatch. Is there a way to authenticate Filesender through simplesaml without using an IdP (I also tried authentication_source 'admin' and get the same error)?
Any advice would be greatly appreciated.

Best wishes,
Rika

PS Happy New Year

Hadia Yaseen

Jul 9, 2021, 12:48:25 AM
to SimpleSAMLphp
Hi Rika,
I faced your problem too, and I found your email when I was searching for the solution.
I'm sure you have solved the problem, but if not, my solution is below.

I solved it by defining the below in config.php for filesender:

$config['admin'] = '';
$config['auth_sp_saml_uid_attribute'] = 'uid';

and defining the below for saml20-idp-hosted.php:

'authproc' => [
    50 => [
        'class' => 'core:AttributeMap',
        'oid2name',
    ],
],

Hope this will be useful for you and others.

Hadia Yaseen

Peter Schober

Jul 12, 2021, 12:34:16 PM
to SimpleSAMLphp
* Hadia Yaseen <hadiay...@gmail.com> [2021-07-09 06:56]:
> $config['admin'] = '';

Well, I'd set FileSender's $config['admin'] parameter to the uid value
of the subjects that should have access to your FileSender's admin UI.
(It could also be an array of uid values.)

But that's completely optional and by not listing the admins in that
parameter simply no one will get the rights to the FileSender admin UI.

> $config['auth_sp_saml_uid_attribute'] = 'uid';

Reasonable for local authentication, not so for federated
authentication since uid values are not necessarily globally unique
(as far as the specification goes):
uid=foo from IDP A may not be the same as uid=foo from IDP B.

> and define the below for saml20-idp-hosted.php
>
> 'authproc' => [
> 50 => [
> 'class' => 'core:AttributeMap',
> 'oid2name',
> ],],

oid2name makes sense if you're dealing with federated authentication
and the IDP uses the proper urn:oid formal attribute names, so the
above would translate "urn:oid:0.9.2342.19200300.100.1.1" to "uid"
(i.e., make "uid" the name of the attribute within SimpleSAMLphp and
therefore FileSender).

If you're only dealing with local authentication I'm not sure whether
saml20-idp-hosted.php is the right place for this. In any case
SimpleSAMLphp's config.php should work fine.

But federated authentication and 'uid' don't really match, so the
"solution" as presented doesn't make much sense.

Best,
-peter
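
The two points in the replies above (the configured uid attribute has to name an attribute that is actually present after any oid2name mapping, and a bare uid can repeat across IdPs), modelled as an added PHP example that is not code from FileSender, SimpleSAMLphp or the posters. The function names, IdP labels and sample attribute sets are constructed for illustration; only the urn:oid-to-uid pair comes from the thread.

```php
<?php
// Added illustration; a model of the lookup, not FileSender or SimpleSAMLphp code.
// One-entry stand-in for the oid2name map (the pair quoted in the thread).
const OID2NAME = ['urn:oid:0.9.2342.19200300.100.1.1' => 'uid'];

// Rename attributes whose name appears in the map; leave others untouched.
function mapAttributes(array $attrs, array $map): array
{
    $out = [];
    foreach ($attrs as $name => $values) {
        $out[$map[$name] ?? $name] = $values;
    }
    return $out;
}

// Return the first value of the configured uid attribute, or null when the
// attribute is missing or empty (the "attribute not found" case).
function resolveUid(array $attrs, string $uidAttribute): ?string
{
    $values = $attrs[$uidAttribute] ?? [];
    return (count($values) > 0 && $values[0] !== '') ? (string) $values[0] : null;
}

// Constructed sample logins: [IdP label, attributes as released].
$logins = [
    ['local',         ['uid' => ['rika']]],
    ['idp-a.example', ['urn:oid:0.9.2342.19200300.100.1.1' => ['foo']]],
    ['idp-b.example', ['urn:oid:0.9.2342.19200300.100.1.1' => ['foo']]],
];

$seen = []; // uid => IdP label that first asserted it
foreach (['eduPersonTargetedID', 'uid'] as $uidAttribute) {
    echo "uid attribute = $uidAttribute\n";
    foreach ($logins as [$idp, $released]) {
        $uid = resolveUid(mapAttributes($released, OID2NAME), $uidAttribute);
        if ($uid === null) {
            echo "  $idp: attribute not found: $uidAttribute\n";
        } elseif (isset($seen[$uid]) && $seen[$uid] !== $idp) {
            echo "  $idp: uid '$uid' already seen from {$seen[$uid]} (collision)\n";
        } else {
            $seen[$uid] = $idp;
            echo "  $idp: ok, uid '$uid'\n";
        }
    }
}
```

With 'eduPersonTargetedID' configured, every sample login reports the attribute as not found; with 'uid', the local login resolves and the second IdP asserting uid=foo is flagged as colliding with the first.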