我正在努力将SAML供应商(Freshdesk)集成到我的Shibboleth环境中。我的问题是nameID格式为空。
阅读我的供应商的文档,他们想要<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">example@test.freshdesk.com</saml:NameID>
我已将此格式添加到我的元数据中,以及我的电子邮件属性定义中的属性编码器内。
然而,在我的调试日志中,我收到此消息:
2015-08-12 18:01:47,005 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.AbstractSAMLAttributeEncoder:154] - Beginning to encode attribute email
2015-08-12 18:01:47,006 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:73] - Encoding value martinb@psd401.net of attribute email
2015-08-12 18:01:47,006 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.AbstractSAMLAttributeEncoder:191] - Completed encoding 1 values for attribute email
2015-08-12 18:01:47,007 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAttributeStatementToAssertion:117] - Profile Action AddAttributeStatementToAssertion: Adding constructed AttributeStatement to Assertion _0594703842dee0ce77c66
3989574661b
2015-08-12 18:01:47,008 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:286] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2015-08-12 18:01:47,009 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:218] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2015-08-12 18:01:47,009 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:82] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress]
2015-08-12 18:01:47,010 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:100] - Configuration specifies the following formats: [urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress]
2015-08-12 18:01:47,010 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:121] - Filtered non-metadata-supported formats from configured formats, leaving: [urn:oasis:names:tc:SAML:1.1:nameid-format:emailAd
dress]
2015-08-12 18:01:47,010 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:323] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress]
2015-08-12 18:01:47,011 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:396] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2015-08-12 18:01:47,011 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:106] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2015-08-12 18:01:47,011 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:341] - Profile Action AddNameIDToSubjects: Unable to generate a NameID, leaving empty
我一直无法找到AddNameIDToSubjects错误的原因,为什么它将NameID留空?这是我的属性编码器的问题吗?
<resolver:AttributeDefinition id="email" xsi:type="ad:Simple"
sourceAttributeID="mail" >
<resolver:Dependency ref="psdldap" />
<resolver:AttributeEncoder
xsi:type="enc:SAML2StringNameID"
xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" />
<resolver:AttributeEncoder
xsi:type="enc:SAML1String"
name="urn:mace:dir:attribute-def:email"/>
<resolver:AttributeEncoder
xsi:type="enc:SAML2String"
nameFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="email"/>
</resolver:AttributeDefinition>
答案 0 :(得分:1)
应在ng-model
saml-nameid.xml在Custom Identified Configuration部分的Shibboleth Wiki中的更多细节。