Hi Scott,
I’m not totally sure what you mean by undefined. I’m using the docker setup where there
seem to be separate files for SAML and Shibboleth attributes: saml_uri.py and
shibboleth_uri.py.
The Swiss attributes seem to be correctly defined in saml_uri.py (you can see them at
https://github.com/IdentityPython/SATOSA/pull/270/files#diff-a97bd52d95d3b3…)
SWISSEDUPERSON_OID = 'urn:oid:2.16.756.1.2.5.1.1.'
SWISSEDUPERSON_OID+'4'='swissEduPersonHomeOrganization'
I made a simplified version of my config at (will send it to you directly on Slack) and
was able to reproduce the issue with an IdP that releases just two attributes
(eduPersonPrincipalName is found and swissEduPersonHomeOrganization isn’t):
<ns0:AttributeStatement xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ns0:Attribute FriendlyName="eduPersonPrincipalName"
Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xsi:type="xs:string">hshort at cern.ch</ns0:AttributeValue>
</ns0:Attribute>
<ns0:Attribute FriendlyName="swissEduPersonHomeOrganization"
Name="urn:oid:2.16.756.1.2.5.1.1.4"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<ns0:AttributeValue
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xsi:type="xs:string">cern.ch</ns0:AttributeValue>
</ns0:Attribute>
</ns0:AttributeStatement>
Really sorry to bother you with this, it’s probably something silly.
Cheers,
Hannah
On 6 Aug 2019, at 12:52, Scott Koranda <skoranda at gmail.com> wrote:
Hi,
I’m trying to add the Swiss eduPerson attributes [1] to the Satosa
attribute maps [2] but running into problems when trying to use them.
I’m running Satosa with Docker and have pulled the swiss attributes
into .py files in the attributemaps folder, added them to my
internal_attribute.yaml schema, restarted my container… however they
don’t seem to be recognised.
==========================
The attribute coming from my IdP
==========================
<ns0:Attribute FriendlyName="swissEduPersonHomeOrganization"
Name="urn:oid:2.16.756.1.2.5.1.1.4"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><ns0:AttributeValue
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xsi:type="xs:string">cern.ch</ns0:AttributeValue></ns0:Attribute>
Note that the <Attribute> element above has
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
The pysaml2 attribute maps usually contain mapping files for both "uri"
and "unspecified" name formats in the attributemaps (configured)
directory, e.g.
$ ls -1 attributemaps/
__init__.py
unspecified.py
uri.py
Are you confident that swissEduPersonHomeOrganization is defined in both
unspecified.py and uri.py?
If so, let me know and I can dig further...
Thanks,
Scott K
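
Added example, not part of the original thread and not SATOSA or pysaml2 code: a stand-alone check of the question raised above, whether each <Attribute> in a statement has an entry in the map whose "identifier" equals its NameFormat. The maps and the statement are constructed samples in the attribute-map layout ("identifier" plus "fro"); check_statement and unmapped are hypothetical helper names, and the exact-match lookup is a simplifying assumption.

```python
import xml.etree.ElementTree as ET  # for untrusted XML prefer defusedxml

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
EDUPERSON_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1."
SWISSEDUPERSON_OID = "urn:oid:2.16.756.1.2.5.1.1."

# Constructed maps: the "uri" map deliberately lacks the Swiss attribute,
# while the "unspecified" map has it, so only the NameFormat decides the result.
CONSTRUCTED_MAPS = [
    {"identifier": URI,
     "fro": {EDUPERSON_OID + "6": "eduPersonPrincipalName"}},
    {"identifier": UNSPECIFIED,
     "fro": {"eduPersonPrincipalName": "eduPersonPrincipalName",
             "swissEduPersonHomeOrganization": "swissEduPersonHomeOrganization"}},
]

# Constructed statement modelled on the one in the thread (values are samples).
STATEMENT = """<ns0:AttributeStatement xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion">
<ns0:Attribute FriendlyName="eduPersonPrincipalName"
 Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" NameFormat="%s">
<ns0:AttributeValue>user@example.org</ns0:AttributeValue></ns0:Attribute>
<ns0:Attribute FriendlyName="swissEduPersonHomeOrganization"
 Name="urn:oid:2.16.756.1.2.5.1.1.4" NameFormat="%s">
<ns0:AttributeValue>example.org</ns0:AttributeValue></ns0:Attribute>
</ns0:AttributeStatement>""" % (URI, URI)


def check_statement(xml_text, maps):
    """Return (Name, NameFormat, local name or None) for every <Attribute>."""
    by_format = {}
    for m in maps:
        by_format.setdefault(m["identifier"], {}).update(m.get("fro", {}))
    results = []
    for attr in ET.fromstring(xml_text).iter("{%s}Attribute" % SAML_NS):
        name = attr.get("Name")
        # SAML core: an absent NameFormat is treated as "unspecified".
        fmt = attr.get("NameFormat", UNSPECIFIED)
        # FriendlyName is ignored on purpose: only Name + NameFormat are looked up.
        results.append((name, fmt, by_format.get(fmt, {}).get(name)))
    return results


def unmapped(xml_text, maps):
    """Attributes that no map with a matching identifier can translate."""
    return [(n, f) for n, f, local in check_statement(xml_text, maps) if local is None]
```

With the constructed maps, unmapped(STATEMENT, CONSTRUCTED_MAPS) reports only the Swiss OID under the uri format, even though the unspecified map defines the attribute by name.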