Discussion:
IIS 7.5/Windows 8 Server, SP version 2.5.3 - Attributes sent by idP, received by SP but nothing in header print off
Haer, Neelam
2014-09-10 00:00:57 UTC
Permalink
Hi All,

I'm having a peculiar issue with the above setup.

The logs on both the idP and the SP show that the attributes are being sent and received on successful login, however the following simple .aspx code does not show the headers that were returned by the idP. Has anyone else seen this and found a resolution? Thanks,

<%@ Page Language="C#" %>
<html>
<head>
<title>CAS Echo Page</title>
</head>
<body>
You are logged in using CAS!
<hr />
<table>
<%
foreach( string key in Request.Headers )
{
%>
<tr>
<td>
<%= key %>
</td>
<td>
<%= Request.Headers[ key ] %>
</td>
</tr>
<%
}
%>
</table>
</body>
</html>
Cantor, Scott
2014-09-10 00:03:27 UTC
Permalink
On 9/9/14, 8:00 PM, "Haer, Neelam" <nklhaer-cZbHFfHSJIksA/***@public.gmane.org> wrote:
>
>The logs on both the idP and the SP show that the attributes are being
>sent and received on successful login, however the following simple .aspx
>code does not show the headers that were returned by the idP. Has anyone
>else seen this and found a resolution?

You can't do that. Enumerating the headers won't show anything set by the
SP in that particular language.

-- Scott

--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
Haer, Neelam
2014-09-10 00:12:55 UTC
Permalink
Hi Scott,

Thanks for your reply.

I actually have used the same .aspx code with a "test" Shibboleth SP setup and it prints off everything perfectly. So I'm not sure why in one instance it would work fine and on my client's site, it would only show the following: but not the actual attributes sent:


Connection keep-alive
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Cookie _shibstate_1410303174_2348=https%3A%2F%2FMASKED%2Febusiness%2F; _shibstate_1410303448_be18=https%3A%2F%2FMASKED%2Febusiness%2F; ASP.NET_SessionId=bg03hftgbopztesy2ae0ugbv; EBBasket_903A2400623AD94168AB58A83F597BC5=551db79a-c543-4590-9dde-b0988c4d20c0; _shibstate_1410303864_2900=https%3A%2F%2FMASKED%2Febusiness%2Fiamtest.aspx; _shibstate_1410303927_2348=https%3A%2F%2FMASKED%2Febusiness%2Fiamtest.aspx; _shibstate_1410304770_2900=https%3A%2F%2FMASKED%2Febusiness%2Fiamtest.aspx; _shibstate_1410306223_2900=https%3A%2F%2FMASKED%2Febusiness%2Fiamtest.aspx; _shibsession_64656661756c7468747470733a2f2f626f70732d6562757374322d7473742e627573736f70732e7562632e63612f73686962626f6c657468=_de89512deabeedac3c112f6ca9ab7351; _saml_idp=aHR0cHM6Ly9zaGliYm9sZXRoMi5zdGcuaWQudWJjLmNhL2lkcC9zaGliYm9sZXRo
Host MASKED
Referer https://MASKED/idp/profile/SAML2/Redirect/SSO?SAMLRequest=jVLLbsIwEPyVyHdi8gCBRZAoqCoSbRGhPfRS2c4WLCV26nX6%2BPs6AQq9oEor2dodz%2BzOeoK8Kms2a9xeb%2BC9AXTBV1VqZF0hI43VzHBUyDSvAJmTLJ%2Fdr1gc9lltjTPSlCSYIYJ1yui50dhUYHOwH0rC02aVkb1zNTJKhamxB6JBF%2FccutDf0KfCRshQcprvlRCmBLcPfZ62KjFdP%2BZbEix8W0rzVuBMh7%2F4OES3C1VxYlJFTX1vb6qEI80GCmVBOprnjyS4NVZCN3JGIhIsFxl5lWKYpKngo2EySlIoRiLiUTEY%2BGNc8KKFITaw1Oi4dhmJ%2B1Ha6499bOOEpW28kGB9dORG6ULp3XX7xAGE7G67XfcOkz6DxW5KDyDTSbsE1gnbi7Vcp%2BWnXZDpP50%2FOzmhF4oH%2BZo9eInlYm1KJb%2BDWVmaz7kF7qA1j04PT%2F5%2BoekP&RelayState=cookie%3A1410306223_2900&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=RM2dyCakYgAspPEyuOWIk2KxGVNika1Xds5KtOtrgweLwC5v%2F2%2Be3U%2FyRtMyczGnWTnkHKw2TkomyLT5FU1F02yYjswahOFyuUHPSSTkTooc9GK0xAXQKEacnq55yDU83JxsP3
6gsNFYiLqmHsYtcOXFh950zxdQkqnc%2BMLnI6TjuQC2AlofzYoRLWxQvS6Vd31qMvwLjKZaV1%2BI4UTIGZCUCXAdUVI6CIa4R%2FzlpoISY%2F5ZOg6J2xa3%2FmUvyv4M4H2DZgVMKNJOWAKsgAE7%2FeLQQZmkEqFwU%2BnYVBV%2FVPNWToUm%2FY
QuVCKA805LSRTuBIkiZqIvxG9Y2qaPBLdy7A%3D%3D
User-Agent Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
DNT 1
ShibSpoofCheck 56550572718779232125761347822073746039a
604-827-2745


________________________________________
From: users-bounces-***@public.gmane.org [users-bounces-***@public.gmane.org] on behalf of Cantor, Scott [cantor.2-ZbGKxL/***@public.gmane.org]
Sent: September-09-14 5:03 PM
To: Shib Users
Subject: Re: IIS 7.5/Windows 8 Server, SP version 2.5.3 - Attributes sent by idP, received by SP but nothing in header print off

On 9/9/14, 8:00 PM, "Haer, Neelam" <nklhaer-cZbHFfHSJIksA/***@public.gmane.org> wrote:
>
>The logs on both the idP and the SP show that the attributes are being
>sent and received on successful login, however the following simple .aspx
>code does not show the headers that were returned by the idP. Has anyone
>else seen this and found a resolution?

You can't do that. Enumerating the headers won't show anything set by the
SP in that particular language.

-- Scott

--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
Cantor, Scott
2014-09-10 00:18:51 UTC
Permalink
On 9/9/14, 8:12 PM, "Haer, Neelam" <nklhaer-cZbHFfHSJIksA/***@public.gmane.org> wrote:
>
>I actually have used the same .aspx code with a "test" Shibboleth SP
>setup and it prints off everything perfectly.

I'm not aware of enumeration ever working, but it doesn't really matter,
that isn't the way it's used by real applications anyway.

-- Scott


--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
Haer, Neelam
2014-09-10 17:54:09 UTC
Permalink
Hi Scott,

Thanks again for your reply.

Do you have any examples available in C# that show how to properly extract attributes from Shibboleth? My understanding was that they'd be available in the Request headers, but if that's not the case, then I'll have to keep searching for how to get them. If you have any info on that, would be great.

Thanks,


________________________________________
From: users-bounces-***@public.gmane.org [users-bounces-***@public.gmane.org] on behalf of Cantor, Scott [cantor.2-ZbGKxL/***@public.gmane.org]
Sent: September-09-14 5:18 PM
To: Shib Users
Subject: Re: IIS 7.5/Windows 8 Server, SP version 2.5.3 - Attributes sent by idP, received by SP but nothing in header print off

On 9/9/14, 8:12 PM, "Haer, Neelam" <nklhaer-cZbHFfHSJIksA/***@public.gmane.org> wrote:
>
>I actually have used the same .aspx code with a "test" Shibboleth SP
>setup and it prints off everything perfectly.

I'm not aware of enumeration ever working, but it doesn't really matter,
that isn't the way it's used by real applications anyway.

-- Scott


--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
Cantor, Scott
2014-09-10 18:00:57 UTC
Permalink
On 9/10/14, 1:54 PM, "Haer, Neelam" <nklhaer-cZbHFfHSJIksA/***@public.gmane.org> wrote:
>
>Do you have any examples available in C# that show how to properly
>extract attributes from Shibboleth? My understanding was that they'd be
>available in the Request headers, but if that's not the case, then I'll
>have to keep searching for how to get them. If you have any info on
>that, would be great.

They are in the headers. The only examples I have are in the wiki. [1]

You should also fully understand [2], and I have no idea how C# is
impacted.

-- Scott

[1]
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAttributeAcces
s
[2] https://wiki.shibboleth.net/confluence/display/SHIB2/secadv_20090615

--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
Haer, Neelam
2014-09-10 21:55:31 UTC
Permalink
Great - thanks Scott.

-----Original Message-----
From: users-bounces-***@public.gmane.org [mailto:users-bounces-***@public.gmane.org] On Behalf Of Cantor, Scott
Sent: September-10-14 11:01 AM
To: Shib Users
Subject: Re: IIS 7.5/Windows 8 Server, SP version 2.5.3 - Attributes sent by idP, received by SP but nothing in header print off

On 9/10/14, 1:54 PM, "Haer, Neelam" <nklhaer-cZbHFfHSJIksA/***@public.gmane.org> wrote:
>
>Do you have any examples available in C# that show how to properly
>extract attributes from Shibboleth? My understanding was that they'd
>be available in the Request headers, but if that's not the case, then
>I'll have to keep searching for how to get them. If you have any info
>on that, would be great.

They are in the headers. The only examples I have are in the wiki. [1]

You should also fully understand [2], and I have no idea how C# is impacted.

-- Scott

[1]
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPAttributeAcces
s
[2] https://wiki.shibboleth.net/confluence/display/SHIB2/secadv_20090615

--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
Loading...