Hi.
I have a problem where no attributes are sent from SSPHP to the SP if the SP metadata contains “RequestedAttributes”.
I have seen this in versions 2.3.5, 2.3.7 and now in 2.4.2, so I thought it’s time to sort this out now 😊
A snippet from the metadata:

    <q1:AttributeConsumingService index="0" isDefault="true">
      <q1:ServiceName xml:lang="da">SP</q1:ServiceName>
      <q1:RequestedAttribute Name="urn:UserName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" isRequired="true" />
      <q1:RequestedAttribute Name="urn:GivenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" isRequired="true" />
      <q1:RequestedAttribute Name="urn:Surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" isRequired="true" />
    </q1:AttributeConsumingService>

I use Metarefresh to download the metadata.
I get the attributes from LDAP, so I use AttributeLimit and AttributeMap to map the LDAP attributes.
This is how it is configured in module_metarefresh.php:

    'authproc' => [
        50 => [
            'class' => 'core:AttributeLimit',
            'default' => true,
            'uid',
            'urn:UserName',
            'Subject_GivenName',
            'urn:GivenName',
            'Subject_Surname',
            'urn:Surname',
        ],
        60 => [
            'class' => 'core:AttributeMap',
            'uid' => 'urn:UserName',
            'Subject_GivenName' => 'urn:GivenName',
            'Subject_Surname' => 'urn:SurName',
        ],
    ],

The only way to get this to work is to remark ‘attributes’ in saml20-sp-remote.php after metarefresh has downloaded the metadata. ‘attributes.required’ can be left unchanged.

    /*
    'attributes' => [
        'urn:UserName',
        'urn:GivenName',
        'urn:SurName',
    ],
    */
    'attributes.required' => [
        'urn:UserName',
        'urn:GivenName',
        'urn:SurName',
    ],

How can I get this to work?
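
Added example, not part of the original post and not SimpleSAMLphp's own code: a simplified PHP model of the two filters as configured above, showing which attribute names reach the SP for each filter order and with or without 'attributes' in the SP metadata. It assumes that with 'default' => true an 'attributes' list in the SP metadata replaces the filter's own list; the function names and the LDAP sample are constructed for illustration.

```php
<?php
// Simplified model of the two authproc filters; not SimpleSAMLphp source code.

// Assumption: with 'default' => true, an 'attributes' list in the SP metadata
// replaces the list configured in the filter itself.
function attributeLimit(array $attrs, array $filterList, ?array $spAttributes): array
{
    $allowed = $spAttributes ?? $filterList;
    return array_intersect_key($attrs, array_flip($allowed));
}

// Renames attributes according to $map; names without a mapping pass through.
function attributeMap(array $attrs, array $map): array
{
    $out = [];
    foreach ($attrs as $name => $values) {
        $out[$map[$name] ?? $name] = $values;
    }
    return $out;
}

// Returns the attribute names released to the SP for a given filter order.
function released(array $attrs, array $filterList, array $map, ?array $spAttributes, bool $limitFirst): array
{
    $attrs = $limitFirst
        ? attributeMap(attributeLimit($attrs, $filterList, $spAttributes), $map)
        : attributeLimit(attributeMap($attrs, $map), $filterList, $spAttributes);
    return array_keys($attrs);
}

// Constructed sample of what the LDAP source returns for one user.
$ldap = [
    'uid' => ['jdoe'], 'Subject_GivenName' => ['John'],
    'Subject_Surname' => ['Doe'], 'mail' => ['jdoe@example.org'],
];
// Lists copied from the post.
$filterList = ['uid', 'urn:UserName', 'Subject_GivenName', 'urn:GivenName', 'Subject_Surname', 'urn:Surname'];
$map = ['uid' => 'urn:UserName', 'Subject_GivenName' => 'urn:GivenName', 'Subject_Surname' => 'urn:SurName'];
$spAttributes = ['urn:UserName', 'urn:GivenName', 'urn:SurName'];

$cases = [
    "limit(50) then map(60), 'attributes' set" => released($ldap, $filterList, $map, $spAttributes, true),
    "limit(50) then map(60), 'attributes' commented out" => released($ldap, $filterList, $map, null, true),
    "map then limit, 'attributes' set" => released($ldap, $filterList, $map, $spAttributes, false),
];
foreach ($cases as $label => $names) {
    echo $label, ': ', json_encode($names), PHP_EOL;
}
```

In the first case the limit removes every LDAP name before the map can rename it, so the list is empty; in the other two cases only the three urn: names are released and the extra LDAP attribute is withheld.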