alexng (Nov 09 2023 at 10:00): alexng (Nov 09 2023 at 10:00):web error message: Problem with Identity Provider – The SAML assertion for "eppn" was null. Please contact support.
shibboleth log message:
2023-11-09 16:58:54 WARN Shibboleth.AttributeFilter [1] [default]: attribute (eppn) invalid scope (sysdev.pclan.xxx)
2023-11-09 16:58:54 WARN Shibboleth.AttributeFilter [1] [default]: removed value at position (0) of attribute (eppn) from (http://stswebdev.sysdev.pclan.xxx)
2023-11-09 16:58:54 WARN Shibboleth.AttributeFilter [1] [default]: no values left, removing attribute (eppn) from (http://stswebdev.sysdev.pclan.xxx)
SAML response has eppn value (alexng@sysdev.pclan.xxx), but shibd still not working, anyone knows how to fix this issue? thanks
Oliver Bertuch (Nov 09 2023 at 10:27):We might need to wait until our Shib hero @Don Sizemore is around. Timezones... :wink:
Also, I am moving this thread to #troubleshooting as it does not seem to be dev related (for now)
Notification Bot (Nov 09 2023 at 10:27):This topic was moved here from #dev > SAML Login issue by Oliver Bertuch.
Don Sizemore (Nov 09 2023 at 12:57):alexng said:
web error message: Problem with Identity Provider – The SAML assertion for "eppn" was null. Please contact support.
shibboleth log message:
2023-11-09 16:58:54 WARN Shibboleth.AttributeFilter [1] [default]: attribute (eppn) invalid scope (sysdev.pclan.xxx)
2023-11-09 16:58:54 WARN Shibboleth.AttributeFilter [1] [default]: removed value at position (0) of attribute (eppn) from (http://stswebdev.sysdev.pclan.xxx)
2023-11-09 16:58:54 WARN Shibboleth.AttributeFilter [1] [default]: no values left, removing attribute (eppn) from (http://stswebdev.sysdev.pclan.xxx)SAML response has eppn value (alexng@sysdev.pclan.xxx), but shibd still not working, anyone knows how to fix this issue? thanks
@alexng what's powering the IDP?
Oliver Bertuch (Nov 09 2023 at 13:43):I suppose they might already be back to sleep... https://www.timeanddate.com/worldclock/macau/macau
Oliver Bertuch (Nov 09 2023 at 13:51):Are they missing config bits for the scope? https://shibboleth.atlassian.net/wiki/spaces/IDP30/pages/2496987397/ScopeConfiguration
Philip Durbin 🚀 (Nov 09 2023 at 13:53):I usually ask to try the equivalent of https://demo.dataverse.org/Shibboleth.sso/Session
alexng (Nov 10 2023 at 02:06):I got message form "/Shibboleth.sso/Session" , other attributes received successfully
Miscellaneous
Session Expiration (barring inactivity): 479 minute(s)
Client Address: 161.64.159.78
SSO Protocol: urn:oasis:names:tc:SAML:2.0:protocol
Identity Provider: http://stswebdev.sysdev.pclan.umac.mo/adfs/services/trust
Authentication Time: 2023-11-10T01:52:18.293Z
Authentication Context Class: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Authentication Context Decl: (none)
Attributes
cn: alexng
givenName: alexng
mail: alexng@sysdev.pclan.umac.mo
alexng (Nov 10 2023 at 02:14):Oliver Bertuch said:
Are they missing config bits for the scope? https://shibboleth.atlassian.net/wiki/spaces/IDP30/pages/2496987397/ScopeConfiguration
You mean need to add the scope in attribute-map.xml ?
my attribute mapping is using this one https://guides.dataverse.org/en/latest/_downloads/2fa33ab92f96836906cbf6d9d3badeb9/attribute-map.xml
alexng (Nov 10 2023 at 09:13):thank you all of you, I solved the problem, I change the "eppn" scope in attribute-policy.xml
Oliver Bertuch (Nov 10 2023 at 11:08):Glad you could figure it out!
Notification Bot (Nov 10 2023 at 11:09):Oliver Bertuch has marked this topic as resolved.
Last updated: Jan 09 2026 at 14:18 UTC