lliu
2009-08-23 02:15:23 UTC
Hi, I'm new to Shibboleth. Because of time pressure and not finding clear
answers by searching, please forgive me if this is a basic or duplicate
question. I'd appreciate any enlightenment!
Environment:
SP: Shibboleth SP 2.2
IDP: ADFS (SAML1.1)
Application: PHP
What I need: After Shibboleth builds a token successfully, I need to get
the value of an attribute: emailAddress. But it's not cached in the session.
I need to know what's wrong, how to store it in the session, and how to
access this attribute. (I'm assuming I should access it like: $email =
$_REQUEST['emailAddress'];)
Known points:
1. So far, there are no errors in shibd.log or transactions.log during the
whole process.
2. I don't use an AttributeFilter.
3. I tried printing $_SERVER, $_REQUEST, $_SESSION and $_COOKIE, but could
not see anything about emailAddress.
Shibboleth2.xml:
<!-- Shibboleth SP configuration as posted with the question. It loads the ADFS
     extension in both shibd and the web-server module, defines one application
     ("default") bound to security policy "default", and reads attribute rules
     from attribute-map.xml. -->
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
logger="syslog.logger" clockSkew="180">
<OutOfProcess logger="shibd.logger">
<Extensions>
<Library path="adfs.so" fatal="true"/>
</Extensions>
</OutOfProcess>
<InProcess logger="native.logger">
<Extensions>
<Library path="adfs-lite.so" fatal="true"/>
</Extensions>
</InProcess>
<UnixListener address="shibd.sock"/>
<StorageService type="Memory" id="mem" cleanupInterval="900"/>
<SessionCache type="StorageService" StorageService="mem"
cacheTimeout="3600" inprocTimeout="900" cleanupInterval="900"/>
<ReplayCache StorageService="mem"/>
<ArtifactMap artifactTTL="180"/>
<!-- Only the path "secure" on idp-test.app.com is mapped to require a session.
     NOTE(review): the request dumped later on the page is for
     /users/login/adapter/idp, which this map does not cover; protection for that
     URL presumably comes from web-server configuration not shown here. -->
<RequestMapper type="Native">
<RequestMap applicationId="default">
<Host name="idp-test.app.com">
<Path name="secure" authType="shibboleth"
requireSession="true"/>
</Host>
</RequestMap>
</RequestMapper>
<!-- REMOTE_USER is a list of candidate attribute ids; "email" is one of them, so
     it is only usable once attribute-map.xml actually produces an attribute with
     id "email". Extracted attributes reach the application the same way the
     Shib-* values in the $_SERVER dump on this page do, i.e. as server variables
     set by the SP, not as request parameters in $_REQUEST.
     signing="false" and encryption="false": the SP neither signs its own
     messages nor asks for encrypted assertions. -->
<ApplicationDefaults id="default" policyId="default"
entityID="https://idp-test.app.com/shibboleth-sp"
homeURL="https://idp-test.app.com/"
REMOTE_USER="NameIdentifier email NameID persistent-id"
signing="false" encryption="false">
<!-- Session settings: lifetime 28800 and timeout 3600 (seconds).
     checkAddress="false" turns off the check that later requests come from the
     client address that authenticated, so a copied session cookie is usable
     from another address.
     NOTE(review): handlerSSL="true" restricts handlers to SSL, yet exportLocation
     is an http:// URL; confirm whether it should be https://. exportACL limits
     assertion export to 127.0.0.1. -->
<Sessions lifetime="28800" timeout="3600" checkAddress="false"
handlerURL="/Shibboleth.sso" handlerSSL="true"
exportLocation="http://idp-test.app.com/Shibboleth.sso/GetAssertion"
exportACL="127.0.0.1"
idpHistory="false" idpHistoryDays="7">
<SessionInitiator type="Chaining" Location="/Login"
isDefault="true"
relayState="cookie" entityID="urn:federation:idp">
<SessionInitiator type="ADFS" defaultACSIndex="10"
template="bindingTemplate.html"/>
</SessionInitiator>
<md:AssertionConsumerService Location="/SAML2/POST" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
<md:AssertionConsumerService Location="/SAML2/POST-SimpleSign"
index="2"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"/>
<md:AssertionConsumerService Location="/SAML2/Artifact"
index="3"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
<md:AssertionConsumerService Location="/SAML2/ECP" index="4"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"/>
<md:AssertionConsumerService Location="/SAML/POST" index="5"
Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
<md:AssertionConsumerService Location="/SAML/Artifact" index="6"
Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>
<md:AssertionConsumerService Location="/ADFS" index="10"
Binding="http://schemas.xmlsoap.org/ws/2003/07/secext"/>
<md:SingleLogoutService Location="/SLO/SOAP"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
<md:SingleLogoutService Location="/SLO/Redirect"
conf:template="bindingTemplate.html"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
<md:SingleLogoutService Location="/SLO/POST"
conf:template="bindingTemplate.html"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
<md:SingleLogoutService Location="/SLO/Artifact"
conf:template="bindingTemplate.html"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
<md:ManageNameIDService Location="/NIM/SOAP"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
<md:ManageNameIDService Location="/NIM/Redirect"
conf:template="bindingTemplate.html"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
<md:ManageNameIDService Location="/NIM/POST"
conf:template="bindingTemplate.html"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
<md:ManageNameIDService Location="/NIM/Artifact"
conf:template="bindingTemplate.html"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
<md:ArtifactResolutionService Location="/Artifact/SOAP"
index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
<Handler type="MetadataGenerator" Location="/Metadata"
signing="false"/>
<Handler type="Status" Location="/Status" acl="127.0.0.1"/>
<!-- The Session handler (/Shibboleth.sso/Session) lists what the current session
     holds, which makes it the direct way to check whether "email" was extracted.
     NOTE(review): "ture" looks like a typo for "true"; as written the value is
     presumably not read as true, so attribute values would stay hidden. Unlike
     the Status handler, no acl is set here. -->
<Handler type="Session" Location="/Session"
showAttributeValues="ture"/>
</Sessions>
<Errors session="sessionError.html"
metadata="metadataError.html"
access="accessError.html"
ssl="sslError.html"
localLogout="localLogout.html"
globalLogout="globalLogout.html"
supportContact="lliu-***@public.gmane.org"
logoLocation="/shibboleth-sp/logo.jpg"
styleSheet="/shibboleth-sp/main.css"/>
<!-- IdP metadata is a local file, and the only trust engine chained is
     ExplicitKey, so signature trust rests on the keys listed in
     idp-metadata.xml. -->
<MetadataProvider type="XML" file="idp-metadata.xml"/>
<TrustEngine type="Chaining">
<TrustEngine type="ExplicitKey"/>
</TrustEngine>
<!-- Attribute extraction rules come from attribute-map.xml. The AttributeFilter
     below is commented out, so no attribute-policy.xml rules are applied to
     whatever the extractor produces. -->
<AttributeExtractor type="XML" path="attribute-map.xml"/>
<!-- AttributeFilter type="XML" path="attribute-policy.xml"/ -->
<CredentialResolver type="File" key="sp-key.pem"
certificate="sp-cert.pem"/>
</ApplicationDefaults>
<SecurityPolicies>
<!-- Policy applied to incoming messages: replay and freshness check (60 s),
     audience restricted to the SP entityID, and signature rules marked
     errorFatal. NOTE(review): validate="false" presumably leaves XML schema
     validation of incoming messages off; confirm that is intended. -->
<Policy id="default" validate="false">
<PolicyRule type="MessageFlow" checkReplay="true" expires="60"/>
<PolicyRule type="Conditions">
<PolicyRule type="Audience">
<saml:Audience>https://idp-test.app.com/shibboleth-sp</saml:Audience>
</PolicyRule>
</PolicyRule>
<PolicyRule type="ClientCertAuth" errorFatal="true"/>
<PolicyRule type="XMLSigning" errorFatal="true"/>
<PolicyRule type="SimpleSigning" errorFatal="true"/>
</Policy>
</SecurityPolicies>
</SPConfig>
attribute-map.xml:
<!-- Attribute extraction rules for the SP: each Attribute element maps an
     incoming name to a local id that the SP exports to the application. -->
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- WS-Fed attributes -->
<!-- Maps the name below to the local id "email".
     NOTE(review): in the assertion shown on this page the address arrives as a
     saml:NameIdentifier whose Format is this URN, and the assertion has no
     attribute statement at all. This rule also requires the claims nameFormat,
     so it looks unlikely to match that NameIdentifier. NameIdentifier formats
     are normally mapped by name alone, without nameFormat, typically with a
     NameIDAttributeDecoder; confirm against the examples in the stock
     attribute-map.xml shipped with the SP. -->
<Attribute nameFormat="http://schemas.xmlsoap.org/claims"
name="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" id="email"/>
</Attributes>
assertion file received:
<!-- WS-Trust response from the IdP wrapping a single SAML 1.1 assertion
     (MajorVersion 1, MinorVersion 1) addressed to the SP entityID. -->
<wst:RequestSecurityTokenResponse
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestedSecurityToken>
<saml:Assertion AssertionID="_f2c62902-9f47-41d9-b105-0609b0097f3e"
IssueInstant="2009-08-19T15:31:46Z" Issuer="urn:federation:idp"
MajorVersion="1" MinorVersion="1"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<!-- Validity window runs from 15:26:46Z to 16:31:46Z; the audience equals the
     SP entityID, which is what the Audience policy rule in the SP checks. -->
<saml:Conditions NotBefore="2009-08-19T15:26:46Z"
NotOnOrAfter="2009-08-19T16:31:46Z">
<saml:AudienceRestrictionCondition>
<saml:Audience>https://idp-test.app.com/shibboleth-sp</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:Advice>
<adfs:CookieInfoHash
xmlns:adfs="urn:microsoft:federation">Y9tp63CT8arjQF4EpjsHFEN+tEE=</adfs:CookieInfoHash>
</saml:Advice>
<!-- This authentication statement is the only statement in the assertion.
     There is no attribute statement: the e-mail address is carried solely as
     the subject NameIdentifier, identified by its Format URN. -->
<saml:AuthenticationStatement
AuthenticationInstant="2009-08-19T15:31:46Z"
AuthenticationMethod="urn:federation:authentication:windows">
<saml:Subject>
<saml:NameIdentifier
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">John.Smith-MBB5nLxV3/***@public.gmane.org</saml:NameIdentifier>
</saml:Subject>
</saml:AuthenticationStatement>
<!-- Enveloped signature over the assertion (Reference URI equals the
     AssertionID), using rsa-sha1 with a sha1 digest. SHA-1 is no longer
     considered adequate for signatures; where the IdP supports it, a SHA-256
     based method is preferable. SignatureValue and the certificate were
     elided ("...") by the poster. -->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#_f2c62902-9f47-41d9-b105-0609b0097f3e">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/>
<DigestValue>HvDWZXqG0sv1vtAk+htETsxTUZQ=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>...</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsa:EndpointReference
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<wsa:Address>https://idp-test.app.com/shibboleth-sp</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
</wst:RequestSecurityTokenResponse>
Shibd.log:
2009-08-22 07:52:35 INFO Shibboleth.Config : Library versions: Xerces-C
3.0.1, XML-Security-C 1.5.0, XMLTooling-C 1.2.0, OpenSAML-C 2.2.0,
Shibboleth 1.2.0
2009-08-22 07:52:35 INFO XMLTooling.XMLToolingConfig : loading extension:
adfs.so
2009-08-22 07:52:35 INFO XMLTooling.XMLToolingConfig : loaded extension:
/usr/lib/shibboleth/adfs.so
2009-08-22 07:52:35 INFO Shibboleth.Config : building ListenerService of
type UnixListener...
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (set::RelayState)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (get::RelayState)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (set::PostData)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (get::PostData)
2009-08-22 07:52:35 INFO Shibboleth.Config : building StorageService (mem)
of type Memory...
2009-08-22 07:52:35 INFO Shibboleth.Config : building ReplayCache on top of
StorageService (mem)...
2009-08-22 07:52:35 INFO XMLTooling.StorageService : cleanup thread
started...running every 900 seconds
2009-08-22 07:52:35 INFO Shibboleth.Config : building in-memory
ArtifactMap...
2009-08-22 07:52:35 INFO Shibboleth.Config : building SessionCache of type
StorageService...
2009-08-22 07:52:35 INFO Shibboleth.SessionCache : bound to StorageService
(mem)
2009-08-22 07:52:35 INFO Shibboleth.SessionCache : No StorageServiceLite
specified. Using standard StorageService.
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (find::StorageService::SessionCache)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (remove::StorageService::SessionCache)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (touch::StorageService::SessionCache)
2009-08-22 07:52:35 INFO OpenSAML.SecurityPolicyRule.Conditions : building
SecurityPolicyRule of type Audience
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (run::AssertionLookup)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/Login::run::ADFSSI)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SAML2/POST)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SAML2/POST-SimpleSign)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SAML2/Artifact)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SAML2/ECP)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SAML/POST)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SAML/Artifact)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/ADFS)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/ADFS::run::ADFSLO)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SLO/SOAP)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SLO/Redirect)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SLO/POST)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SLO/Artifact)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/NIM/SOAP)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/NIM/Redirect)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/NIM/POST)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/NIM/Artifact)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/Artifact/SOAP::run::SAML2Artifact)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/Metadata)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/Status)
2009-08-22 07:52:35 INFO Shibboleth.Application : building MetadataProvider
of type XML...
2009-08-22 07:52:35 INFO OpenSAML.MetadataProvider.XML : loaded XML resource
(/etc/shibboleth/idp-metadata.xml)
2009-08-22 07:52:35 INFO Shibboleth.Application : building TrustEngine of
type Chaining...
2009-08-22 07:52:35 INFO XMLTooling.TrustEngine.Chaining : building
TrustEngine of type ExplicitKey
2009-08-22 07:52:35 INFO Shibboleth.Application : building
AttributeExtractor of type XML...
2009-08-22 07:52:35 INFO Shibboleth.AttributeExtractor.XML : loaded XML
resource (/etc/shibboleth/attribute-map.xml)
2009-08-22 07:52:35 INFO Shibboleth.AttributeExtractor.XML : creating
mapping for Attribute
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress,
Format/Namespace:http://schemas.xmlsoap.org/claims
2009-08-22 07:52:35 INFO Shibboleth.Application : building
CredentialResolver of type File...
2009-08-22 07:52:35 INFO XMLTooling.SecurityHelper : loading private key
from file (/etc/shibboleth/sp-key.pem)
2009-08-22 07:52:35 INFO XMLTooling.SecurityHelper : loading certificate(s)
from file (/etc/shibboleth/sp-cert.pem)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default::getHeaders::Application)
2009-08-22 07:52:35 INFO Shibboleth.Listener : listener service starting
2009-08-22 10:00:03 DEBUG Shibboleth.Listener [1]: dispatching message
(default::getHeaders::Application)
2009-08-22 10:00:03 DEBUG Shibboleth.Listener [1]: dispatching message
(default/Login::run::ADFSSI)
2009-08-22 10:02:56 DEBUG Shibboleth.Listener [2]: dispatching message
(default::getHeaders::Application)
2009-08-22 10:02:56 DEBUG Shibboleth.Listener [2]: dispatching message
(default/Login::run::ADFSSI)
2009-08-22 10:03:16 DEBUG Shibboleth.Listener [3]: dispatching message
(default/ADFS)
2009-08-22 10:03:16 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [3]:
evaluating message flow policy (replay checking on, expiration 60)
2009-08-22 10:03:16 DEBUG XMLTooling.StorageService [3]: inserted record
(_927cb6ae-c911-4df0-b55a-38eae3571893) in context (MessageFlow)
2009-08-22 10:03:16 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [3]:
validating signature profile
2009-08-22 10:03:16 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [3]:
signature verified against message issuer
2009-08-22 10:03:16 DEBUG Shibboleth.SessionCache [3]: creating new session
2009-08-22 10:03:16 DEBUG Shibboleth.SessionCache [3]: storing new
session...
2009-08-22 10:03:16 DEBUG XMLTooling.StorageService [3]: inserted record
(session) in context (_19bea61ad8832e173764b19f82d0f506)
2009-08-22 10:03:16 DEBUG XMLTooling.StorageService [3]: inserted record
(John.Smith-MBB5nLxV3/***@public.gmane.org) in context (NameID)
2009-08-22 10:03:16 DEBUG XMLTooling.StorageService [3]: inserted record
(_927cb6ae-c911-4df0-b55a-38eae3571893) in context
(_19bea61ad8832e173764b19f82d0f506)
2009-08-22 10:03:16 INFO Shibboleth.SessionCache [3]: new session created:
ID (_19bea61ad8832e173764b19f82d0f506) IdP (urn:federation:idp)
Protocol(http://schemas.xmlsoap.org/ws/2003/07/secext) Address
(xxx.xxx.xxx.xxx)
2009-08-22 10:03:16 DEBUG Shibboleth.Listener [3]: dispatching message
(default::getHeaders::Application)
2009-08-22 10:03:16 DEBUG Shibboleth.Listener [3]: dispatching message
(find::StorageService::SessionCache)
2009-08-22 10:03:16 DEBUG XMLTooling.StorageService [3]: updated expiration
of valid records in context (_19bea61ad8832e173764b19f82d0f506)
2009-08-22 10:07:35 INFO XMLTooling.StorageService : purged 1 expired
record(s) from storage
2009-08-22 11:07:35 INFO XMLTooling.StorageService : purged 2 expired
record(s) from storage
2009-08-22 18:07:33 INFO XMLTooling.StorageService : purged 1 expired
record(s) from storage
Transaction.log:
2009-08-22 10:03:16 INFO Shibboleth-TRANSACTION [3]: New session (ID:
_19bea61ad8832e173764b19f82d0f506) with (applicationId: default) for
principal from (IdP: urn:federation:genmills) at (ClientAddress:
xxx.xxx.xxx.xxx) with (NameIdentifier: Ben.Abraham-ooUP5uptAsxWk0Htik3J/***@public.gmane.org) using
(Protocol: http://schemas.xmlsoap.org/ws/2003/07/secext) from (AssertionID:
_927cb6ae-c911-4df0-b55a-38eae3571893)
printed HTTP headers:
$_SERVER: array(38) { ["REDIRECT_HTTPS"]=> string(2) "on"
["REDIRECT_Shib-Application-ID"]=> string(7) "default"
["REDIRECT_Shib-Session-ID"]=> string(33)
"_aa48d2671cdfa878d10570fffe392e1c" ["REDIRECT_Shib-Identity-Provider"]=>
string(23) "urn:federation:idp" ["REDIRECT_Shib-Authentication-Instant"]=>
string(20) "2009-08-22T04:45:31Z" ["REDIRECT_Shib-Authentication-Method"]=>
string(39) "urn:oasis:names:tc:SAML:1.0:am:password"
["REDIRECT_Shib-AuthnContext-Class"]=> string(39)
"urn:oasis:names:tc:SAML:1.0:am:password" ["REDIRECT_STATUS"]=> string(3)
"200" ["HTTPS"]=> string(2) "on" ["HTTP_ACCEPT"]=> string(271) "image/gif,
image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword,
application/x-shockwave-flash, application/xaml+xml,
application/vnd.ms-xpsdocument, application/x-ms-xbap,
application/x-ms-application, */*" ["HTTP_REFERER"]=> string(252)
"https://fds.idp.com/adfs/ls/clientlogon.aspx?wa=wsignin1.0&wreply=https%3a%2f%2fidp-test.app.com%2fShibboleth.sso%2fADFS&wct=2009-08-22T04%3a45%3a04Z&wtrealm=https%3a%2f%2fidp-test.app.com%2fshibboleth-sp&wctx=cookie%3ac53aa7ec"
["HTTP_ACCEPT_LANGUAGE"]=> string(5) "en-us" ["HTTP_ACCEPT_ENCODING"]=>
string(13) "gzip, deflate" ["HTTP_USER_AGENT"]=> string(197) "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR
2.0.50727; InfoPath.1; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET
CLR 3.0.4506.2152; .NET CLR 3.5.30729)" ["HTTP_HOST"]=> string(26)
"idp-test.app.com" ["HTTP_CONNECTION"]=> string(10) "Keep-Alive"
["HTTP_CACHE_CONTROL"]=> string(8) "no-cache" ["HTTP_COOKIE"]=> string(157)
"_shibsession_64656661756c7468747470733a2f2f67656e6d696c6c732d746573742e696e6e6f2d3336302e636f6d2f73686962626f6c6574682d7370=_aa48d2671cdfa878d10570fffe392e1c"
["PATH"]=> string(29) "/sbin:/usr/sbin:/bin:/usr/bin" ["SERVER_SIGNATURE"]=>
string(0) "" ["SERVER_SOFTWARE"]=> string(6) "Apache" ["SERVER_NAME"]=>
string(26) "idp-test.app.com" ["SERVER_ADDR"]=> string(15) "xxx.xxx.xxx.xxx"
["SERVER_PORT"]=> string(3) "xxx" ["REMOTE_ADDR"]=> string(12)
"71.195.20.43" ["DOCUMENT_ROOT"]=> string(69) "xxx/index.php"
["REMOTE_PORT"]=> string(4) "xxx" ["REDIRECT_URL"]=> string(29)
"/users/login/adapter/idp" ["GATEWAY_INTERFACE"]=> string(7) "CGI/1.1"
["SERVER_PROTOCOL"]=> string(8) "HTTP/1.1" ["REQUEST_METHOD"]=> string(3)
"GET" ["QUERY_STRING"]=> string(0) "" ["REQUEST_URI"]=> string(29)
"/users/login/adapter/idp" ["SCRIPT_NAME"]=> string(10) "/index.php"
["PHP_SELF"]=> string(10) "/index.php" ["REQUEST_TIME"]=> int(1250916332) }
$_REQUEST: array(1) {
["_shibsession_64656661756c7468747470733a2f2f67656e6d696c6c732d746573742e696e6e6f2d3336302e636f6d2f73686962626f6c6574682d7370"]=>
string(33) "_aa48d2671cdfa878d10570fffe392e1c" }
$_SESSION: array(0) { }
$_COOKIE: array(1) {
["_shibsession_64656661756c7468747470733a2f2f67656e6d696c6c732d746573742e696e6e6f2d3336302e636f6d2f73686962626f6c6574682d7370"]=>
string(33) "_aa48d2671cdfa878d10570fffe392e1c" }
answers via searching, please forgive me if this is a basic question or
duplicate one. Appreciate for lightening!
Environment:
SP: Shibboleth SP 2.2
IDP: ADFS (SAML1.1)
Application: PHP
What I need: After shibboleth building a token successfully, I need to get
the value of an attribute: emailAddress. But it's not cached in the Session.
I need to know what's wrong, how to store it in the session, and how do I
access this attribute. (I'm assuming I should access like: $email =
$_REQUEST['emailAddress'];)
Known points:
1. For now, there's no errors in shibd.log or transactions.log in the whole
process.
2. I don't use AttributeFilter.
3. I tried to print out $_SERVER, $_REQUEST, $_SESSION, $_COOKIE, but not
able to see anything about emailAddress.
Shibboleth2.xml:
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
logger="syslog.logger" clockSkew="180">
<OutOfProcess logger="shibd.logger">
<Extensions>
<Library path="adfs.so" fatal="true"/>
</Extensions>
</OutOfProcess>
<InProcess logger="native.logger">
<Extensions>
<Library path="adfs-lite.so" fatal="true"/>
</Extensions>
</InProcess>
<UnixListener address="shibd.sock"/>
<StorageService type="Memory" id="mem" cleanupInterval="900"/>
<SessionCache type="StorageService" StorageService="mem"
cacheTimeout="3600" inprocTimeout="900" cleanupInterval="900"/>
<ReplayCache StorageService="mem"/>
<ArtifactMap artifactTTL="180"/>
<RequestMapper type="Native">
<RequestMap applicationId="default">
<Host name="idp-test.app.com">
<Path name="secure" authType="shibboleth"
requireSession="true"/>
</Host>
</RequestMap>
</RequestMapper>
<ApplicationDefaults id="default" policyId="default"
entityID="https://idp-test.app.com/shibboleth-sp"
homeURL="https://idp-test.app.com/"
REMOTE_USER="NameIdentifier email NameID persistent-id"
signing="false" encryption="false">
<Sessions lifetime="28800" timeout="3600" checkAddress="false"
handlerURL="/Shibboleth.sso" handlerSSL="true"
exportLocation="http://idp-test.app.com/Shibboleth.sso/GetAssertion"
exportACL="127.0.0.1"
idpHistory="false" idpHistoryDays="7">
<SessionInitiator type="Chaining" Location="/Login"
isDefault="true"
relayState="cookie" entityID="urn:federation:idp">
<SessionInitiator type="ADFS" defaultACSIndex="10"
template="bindingTemplate.html"/>
</SessionInitiator>
<md:AssertionConsumerService Location="/SAML2/POST" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
<md:AssertionConsumerService Location="/SAML2/POST-SimpleSign"
index="2"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"/>
<md:AssertionConsumerService Location="/SAML2/Artifact"
index="3"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
<md:AssertionConsumerService Location="/SAML2/ECP" index="4"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"/>
<md:AssertionConsumerService Location="/SAML/POST" index="5"
Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
<md:AssertionConsumerService Location="/SAML/Artifact" index="6"
Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>
<md:AssertionConsumerService Location="/ADFS" index="10"
Binding="http://schemas.xmlsoap.org/ws/2003/07/secext"/>
<md:SingleLogoutService Location="/SLO/SOAP"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
<md:SingleLogoutService Location="/SLO/Redirect"
conf:template="bindingTemplate.html"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
<md:SingleLogoutService Location="/SLO/POST"
conf:template="bindingTemplate.html"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
<md:SingleLogoutService Location="/SLO/Artifact"
conf:template="bindingTemplate.html"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
<md:ManageNameIDService Location="/NIM/SOAP"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
<md:ManageNameIDService Location="/NIM/Redirect"
conf:template="bindingTemplate.html"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
<md:ManageNameIDService Location="/NIM/POST"
conf:template="bindingTemplate.html"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
<md:ManageNameIDService Location="/NIM/Artifact"
conf:template="bindingTemplate.html"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
<md:ArtifactResolutionService Location="/Artifact/SOAP"
index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
<Handler type="MetadataGenerator" Location="/Metadata"
signing="false"/>
<Handler type="Status" Location="/Status" acl="127.0.0.1"/>
<Handler type="Session" Location="/Session"
showAttributeValues="ture"/>
</Sessions>
<Errors session="sessionError.html"
metadata="metadataError.html"
access="accessError.html"
ssl="sslError.html"
localLogout="localLogout.html"
globalLogout="globalLogout.html"
supportContact="lliu-***@public.gmane.org"
logoLocation="/shibboleth-sp/logo.jpg"
styleSheet="/shibboleth-sp/main.css"/>
<MetadataProvider type="XML" file="idp-metadata.xml"/>
<TrustEngine type="Chaining">
<TrustEngine type="ExplicitKey"/>
</TrustEngine>
<AttributeExtractor type="XML" path="attribute-map.xml"/>
<!-- AttributeFilter type="XML" path="attribute-policy.xml"/ -->
<CredentialResolver type="File" key="sp-key.pem"
certificate="sp-cert.pem"/>
</ApplicationDefaults>
<SecurityPolicies>
<Policy id="default" validate="false">
<PolicyRule type="MessageFlow" checkReplay="true" expires="60"/>
<PolicyRule type="Conditions">
<PolicyRule type="Audience">
<saml:Audience>https://idp-test.app.com/shibboleth-sp</saml:Audience>
</PolicyRule>
</PolicyRule>
<PolicyRule type="ClientCertAuth" errorFatal="true"/>
<PolicyRule type="XMLSigning" errorFatal="true"/>
<PolicyRule type="SimpleSigning" errorFatal="true"/>
</Policy>
</SecurityPolicies>
</SPConfig>
attribute-map.xml:
<Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- WS-Fed attributes -->
<Attribute nameFormat="http://schemas.xmlsoap.org/claims"
name="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" id="email"/>
</Attributes>
assertion file received:
<wst:RequestSecurityTokenResponse
xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wst:RequestedSecurityToken>
<saml:Assertion AssertionID="_f2c62902-9f47-41d9-b105-0609b0097f3e"
IssueInstant="2009-08-19T15:31:46Z" Issuer="urn:federation:idp"
MajorVersion="1" MinorVersion="1"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2009-08-19T15:26:46Z"
NotOnOrAfter="2009-08-19T16:31:46Z">
<saml:AudienceRestrictionCondition>
<saml:Audience>https://idp-test.app.com/shibboleth-sp</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:Advice>
<adfs:CookieInfoHash
xmlns:adfs="urn:microsoft:federation">Y9tp63CT8arjQF4EpjsHFEN+tEE=</adfs:CookieInfoHash>
</saml:Advice>
<saml:AuthenticationStatement
AuthenticationInstant="2009-08-19T15:31:46Z"
AuthenticationMethod="urn:federation:authentication:windows">
<saml:Subject>
<saml:NameIdentifier
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">John.Smith-MBB5nLxV3/***@public.gmane.org</saml:NameIdentifier>
</saml:Subject>
</saml:AuthenticationStatement>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#_f2c62902-9f47-41d9-b105-0609b0097f3e">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/>
<DigestValue>HvDWZXqG0sv1vtAk+htETsxTUZQ=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>...</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</saml:Assertion>
</wst:RequestedSecurityToken>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsa:EndpointReference
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
<wsa:Address>https://idp-test.app.com/shibboleth-sp</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
</wst:RequestSecurityTokenResponse>
Shibd.log:
2009-08-22 07:52:35 INFO Shibboleth.Config : Library versions: Xerces-C
3.0.1, XML-Security-C 1.5.0, XMLTooling-C 1.2.0, OpenSAML-C 2.2.0,
Shibboleth 1.2.0
2009-08-22 07:52:35 INFO XMLTooling.XMLToolingConfig : loading extension:
adfs.so
2009-08-22 07:52:35 INFO XMLTooling.XMLToolingConfig : loaded extension:
/usr/lib/shibboleth/adfs.so
2009-08-22 07:52:35 INFO Shibboleth.Config : building ListenerService of
type UnixListener...
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (set::RelayState)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (get::RelayState)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (set::PostData)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (get::PostData)
2009-08-22 07:52:35 INFO Shibboleth.Config : building StorageService (mem)
of type Memory...
2009-08-22 07:52:35 INFO Shibboleth.Config : building ReplayCache on top of
StorageService (mem)...
2009-08-22 07:52:35 INFO XMLTooling.StorageService : cleanup thread
started...running every 900 seconds
2009-08-22 07:52:35 INFO Shibboleth.Config : building in-memory
ArtifactMap...
2009-08-22 07:52:35 INFO Shibboleth.Config : building SessionCache of type
StorageService...
2009-08-22 07:52:35 INFO Shibboleth.SessionCache : bound to StorageService
(mem)
2009-08-22 07:52:35 INFO Shibboleth.SessionCache : No StorageServiceLite
specified. Using standard StorageService.
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (find::StorageService::SessionCache)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (remove::StorageService::SessionCache)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (touch::StorageService::SessionCache)
2009-08-22 07:52:35 INFO OpenSAML.SecurityPolicyRule.Conditions : building
SecurityPolicyRule of type Audience
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (run::AssertionLookup)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/Login::run::ADFSSI)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SAML2/POST)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SAML2/POST-SimpleSign)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SAML2/Artifact)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SAML2/ECP)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SAML/POST)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SAML/Artifact)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/ADFS)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/ADFS::run::ADFSLO)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SLO/SOAP)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SLO/Redirect)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SLO/POST)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/SLO/Artifact)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/NIM/SOAP)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/NIM/Redirect)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/NIM/POST)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/NIM/Artifact)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/Artifact/SOAP::run::SAML2Artifact)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/Metadata)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default/Status)
2009-08-22 07:52:35 INFO Shibboleth.Application : building MetadataProvider
of type XML...
2009-08-22 07:52:35 INFO OpenSAML.MetadataProvider.XML : loaded XML resource
(/etc/shibboleth/idp-metadata.xml)
2009-08-22 07:52:35 INFO Shibboleth.Application : building TrustEngine of
type Chaining...
2009-08-22 07:52:35 INFO XMLTooling.TrustEngine.Chaining : building
TrustEngine of type ExplicitKey
2009-08-22 07:52:35 INFO Shibboleth.Application : building
AttributeExtractor of type XML...
2009-08-22 07:52:35 INFO Shibboleth.AttributeExtractor.XML : loaded XML
resource (/etc/shibboleth/attribute-map.xml)
2009-08-22 07:52:35 INFO Shibboleth.AttributeExtractor.XML : creating
mapping for Attribute
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress,
Format/Namespace:http://schemas.xmlsoap.org/claims
2009-08-22 07:52:35 INFO Shibboleth.Application : building
CredentialResolver of type File...
2009-08-22 07:52:35 INFO XMLTooling.SecurityHelper : loading private key
from file (/etc/shibboleth/sp-key.pem)
2009-08-22 07:52:35 INFO XMLTooling.SecurityHelper : loading certificate(s)
from file (/etc/shibboleth/sp-cert.pem)
2009-08-22 07:52:35 INFO Shibboleth.Listener : registered remoted message
endpoint (default::getHeaders::Application)
2009-08-22 07:52:35 INFO Shibboleth.Listener : listener service starting
2009-08-22 10:00:03 DEBUG Shibboleth.Listener [1]: dispatching message
(default::getHeaders::Application)
2009-08-22 10:00:03 DEBUG Shibboleth.Listener [1]: dispatching message
(default/Login::run::ADFSSI)
2009-08-22 10:02:56 DEBUG Shibboleth.Listener [2]: dispatching message
(default::getHeaders::Application)
2009-08-22 10:02:56 DEBUG Shibboleth.Listener [2]: dispatching message
(default/Login::run::ADFSSI)
2009-08-22 10:03:16 DEBUG Shibboleth.Listener [3]: dispatching message
(default/ADFS)
2009-08-22 10:03:16 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [3]:
evaluating message flow policy (replay checking on, expiration 60)
2009-08-22 10:03:16 DEBUG XMLTooling.StorageService [3]: inserted record
(_927cb6ae-c911-4df0-b55a-38eae3571893) in context (MessageFlow)
2009-08-22 10:03:16 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [3]:
validating signature profile
2009-08-22 10:03:16 DEBUG OpenSAML.SecurityPolicyRule.XMLSigning [3]:
signature verified against message issuer
2009-08-22 10:03:16 DEBUG Shibboleth.SessionCache [3]: creating new session
2009-08-22 10:03:16 DEBUG Shibboleth.SessionCache [3]: storing new
session...
2009-08-22 10:03:16 DEBUG XMLTooling.StorageService [3]: inserted record
(session) in context (_19bea61ad8832e173764b19f82d0f506)
2009-08-22 10:03:16 DEBUG XMLTooling.StorageService [3]: inserted record
(John.Smith-MBB5nLxV3/***@public.gmane.org) in context (NameID)
2009-08-22 10:03:16 DEBUG XMLTooling.StorageService [3]: inserted record
(_927cb6ae-c911-4df0-b55a-38eae3571893) in context
(_19bea61ad8832e173764b19f82d0f506)
2009-08-22 10:03:16 INFO Shibboleth.SessionCache [3]: new session created:
ID (_19bea61ad8832e173764b19f82d0f506) IdP (urn:federation:idp)
Protocol(http://schemas.xmlsoap.org/ws/2003/07/secext) Address
(xxx.xxx.xxx.xxx)
2009-08-22 10:03:16 DEBUG Shibboleth.Listener [3]: dispatching message
(default::getHeaders::Application)
2009-08-22 10:03:16 DEBUG Shibboleth.Listener [3]: dispatching message
(find::StorageService::SessionCache)
2009-08-22 10:03:16 DEBUG XMLTooling.StorageService [3]: updated expiration
of valid records in context (_19bea61ad8832e173764b19f82d0f506)
2009-08-22 10:07:35 INFO XMLTooling.StorageService : purged 1 expired
record(s) from storage
2009-08-22 11:07:35 INFO XMLTooling.StorageService : purged 2 expired
record(s) from storage
2009-08-22 18:07:33 INFO XMLTooling.StorageService : purged 1 expired
record(s) from storage
transaction.log:
2009-08-22 10:03:16 INFO Shibboleth-TRANSACTION [3]: New session (ID:
_19bea61ad8832e173764b19f82d0f506) with (applicationId: default) for
principal from (IdP: urn:federation:genmills) at (ClientAddress:
xxx.xxx.xxx.xxx) with (NameIdentifier: Ben.Abraham-ooUP5uptAsxWk0Htik3J/***@public.gmane.org) using
(Protocol: http://schemas.xmlsoap.org/ws/2003/07/secext) from (AssertionID:
_927cb6ae-c911-4df0-b55a-38eae3571893)
Printed HTTP headers and PHP superglobals:
$_SERVER: array(38) { ["REDIRECT_HTTPS"]=> string(2) "on"
["REDIRECT_Shib-Application-ID"]=> string(7) "default"
["REDIRECT_Shib-Session-ID"]=> string(33)
"_aa48d2671cdfa878d10570fffe392e1c" ["REDIRECT_Shib-Identity-Provider"]=>
string(23) "urn:federation:idp" ["REDIRECT_Shib-Authentication-Instant"]=>
string(20) "2009-08-22T04:45:31Z" ["REDIRECT_Shib-Authentication-Method"]=>
string(39) "urn:oasis:names:tc:SAML:1.0:am:password"
["REDIRECT_Shib-AuthnContext-Class"]=> string(39)
"urn:oasis:names:tc:SAML:1.0:am:password" ["REDIRECT_STATUS"]=> string(3)
"200" ["HTTPS"]=> string(2) "on" ["HTTP_ACCEPT"]=> string(271) "image/gif,
image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword,
application/x-shockwave-flash, application/xaml+xml,
application/vnd.ms-xpsdocument, application/x-ms-xbap,
application/x-ms-application, */*" ["HTTP_REFERER"]=> string(252)
"https://fds.idp.com/adfs/ls/clientlogon.aspx?wa=wsignin1.0&wreply=https%3a%2f%2fidp-test.app.com%2fShibboleth.sso%2fADFS&wct=2009-08-22T04%3a45%3a04Z&wtrealm=https%3a%2f%2fidp-test.app.com%2fshibboleth-sp&wctx=cookie%3ac53aa7ec"
["HTTP_ACCEPT_LANGUAGE"]=> string(5) "en-us" ["HTTP_ACCEPT_ENCODING"]=>
string(13) "gzip, deflate" ["HTTP_USER_AGENT"]=> string(197) "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR
2.0.50727; InfoPath.1; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET
CLR 3.0.4506.2152; .NET CLR 3.5.30729)" ["HTTP_HOST"]=> string(26)
"idp-test.app.com" ["HTTP_CONNECTION"]=> string(10) "Keep-Alive"
["HTTP_CACHE_CONTROL"]=> string(8) "no-cache" ["HTTP_COOKIE"]=> string(157)
"_shibsession_64656661756c7468747470733a2f2f67656e6d696c6c732d746573742e696e6e6f2d3336302e636f6d2f73686962626f6c6574682d7370=_aa48d2671cdfa878d10570fffe392e1c"
["PATH"]=> string(29) "/sbin:/usr/sbin:/bin:/usr/bin" ["SERVER_SIGNATURE"]=>
string(0) "" ["SERVER_SOFTWARE"]=> string(6) "Apache" ["SERVER_NAME"]=>
string(26) "idp-test.app.com" ["SERVER_ADDR"]=> string(15) "xxx.xxx.xxx.xxx"
["SERVER_PORT"]=> string(3) "xxx" ["REMOTE_ADDR"]=> string(12)
"71.195.20.43" ["DOCUMENT_ROOT"]=> string(69) "xxx/index.php"
["REMOTE_PORT"]=> string(4) "xxx" ["REDIRECT_URL"]=> string(29)
"/users/login/adapter/idp" ["GATEWAY_INTERFACE"]=> string(7) "CGI/1.1"
["SERVER_PROTOCOL"]=> string(8) "HTTP/1.1" ["REQUEST_METHOD"]=> string(3)
"GET" ["QUERY_STRING"]=> string(0) "" ["REQUEST_URI"]=> string(29)
"/users/login/adapter/idp" ["SCRIPT_NAME"]=> string(10) "/index.php"
["PHP_SELF"]=> string(10) "/index.php" ["REQUEST_TIME"]=> int(1250916332) }
$_REQUEST: array(1) {
["_shibsession_64656661756c7468747470733a2f2f67656e6d696c6c732d746573742e696e6e6f2d3336302e636f6d2f73686962626f6c6574682d7370"]=>
string(33) "_aa48d2671cdfa878d10570fffe392e1c" }
$_SESSION: array(0) { }
$_COOKIE: array(1) {
["_shibsession_64656661756c7468747470733a2f2f67656e6d696c6c732d746573742e696e6e6f2d3336302e636f6d2f73686962626f6c6574682d7370"]=>
string(33) "_aa48d2671cdfa878d10570fffe392e1c" }