Hi, Franz. I can't clearly see how it's related to Gluu at the moment. If I got it right, your SP is getting expected attributes from Gluu, but you can't display them correctly using your php code? If that's the case it's bit beyond of our support coverage. Also, this part: >he attributes set from the IDP does not seem to reflect the needed information is too vague. What it displays, and what you expect it to display?

Here's the relation between GLUU IDP and the SP: Released attributes set in Trust Configuration: - Display Name - Email - First Name - Last Name - iname - Persistent ID - Profile URL - Status - Website URL The SP only displays the following coming from the IDP, based on Sessions: https://c-app01.contoso.com/Shibboleth.sso/Session - Mail - Display Name - Given Name So, the question is actually: where can I get the rest? Or how can I get the rest? Or which SAML endpoint should I access (if there are any)?

Have you checked that user you log in with at Gluu has some values assigned to all these attributes? You can check with user search feature in web UI

Yes, attributes with values include: First Name, Last Name, and Status.

I found out that after adding the GLUU Released Attribute in Trust Relationship, the Shibboleth SP `attribute-map.xml` still needs to be set. In Shibboleth SP, `/var/log/shibboleth/shibd.log` will give you the correct information for attribute name. In this case, it is `urn:oid:gluuStatus-oid`. Here's a sample line in `/var/log/shibboleth/attribute-map.xml` <Attribute name="urn:oid:gluuStatus-oid" id="status"></Attribute> This line will allow the SP to receive **Status** value. After that, `$_SERVER` will include `status`. Each attribute will need to be configured in `attribute-map.xml`. I have verified the available attributes in: https://c-app01.contoso.com/Shibboleth.sso/Sessions

One last question: Some attributes in GLUU IDP does not include the attribute name anywhere either inside `shibd.log` or inside the GLUU user interface. I understand that this is using LDAP, but can somebody from support please specify the location, or create a query wherein we can view each LDAP attribute names (clarifying that it should be an attribute name of the SAML attribute). Also, can we request in future versions to display an attribute list, if there is not any, in the GLUU user interface.

Hi Franz, Just to clarify... Service Provider troubleshooting is not included in our community support. You can check [entitlements](https://www.gluu.org/entitlements) here. However we have docs on basic SP/RP configuration available in https://gluu.org/docs. Check out 'SP/RP Integration Modules' tab from left side. >> Some attributes in GLUU IDP does not include the attribute name anywhere either inside shibd.log or inside the GLUU user interface. Any example? >> Also, can we request in future versions to display an attribute list, if there is not any, in the GLUU user interface. I think I didn't understand your question but Attribute list is already available there in Gluu Server [GUI](https://gluu.org/docs/oxtrust/configuration/#attributes)

I understand that the Shibboleth SP is not supported. I don't intend to get support from using Shibboleth SP. My intention is to find the correct SAML attribute name from GLUU IDP. By "attribute name", I mean this `urn:oid:gluuStatus-oid`. Here's an example `attribute-map.xml` content. If you're going to observe, one of it is `urn:oid:gluuStatus-oid`: <Attribute name="urn:mace:dir:attribute-def:cn" id="cn"/> <Attribute name="urn:mace:dir:attribute-def:sn" id="sn"/> <Attribute name="urn:mace:dir:attribute-def:givenName" id="givenName"/> <Attribute name="urn:mace:dir:attribute-def:displayName" id="displayName"/> <Attribute name="urn:oid:gluuStatus-oid" id="status"/> <Attribute name="urn:mace:dir:attribute-def:uid" id="uid"/> <Attribute name="urn:mace:dir:attribute-def:mail" id="mail"/> <Attribute name="urn:mace:dir:attribute-def:telephoneNumber" id="telephoneNumber"/> <Attribute name="urn:mace:dir:attribute-def:title" id="title"/> <Attribute name="urn:mace:dir:attribute-def:initials" id="initials"/> <Attribute name="urn:mace:dir:attribute-def:description" id="description"/> <Attribute name="urn:mace:dir:attribute-def:carLicense" id="carLicense"/> So, my question is... from the GLUU IDP, where can I find `urn:oid:gluuStatus-oid` in the user interface? Is it found anywhere?

You should check properties of attributes in question on the "Attributes" page of the Gluu's web UI. There you'll be able to see urns associated with each of them.

So, it is found in Configuration > Attributes I'm wondering why I didn't see it the first time. Thank you.

Sure, Franz. Closing the ticket.