By: Austin Reynolds user 28 Jan 2019 at 1:44 p.m. CST

4 Responses
Hello, I'm trying to configure our Gluu server as an SP for Google Domain IDP and am using the test proxy client as provided in https://gluu.org/docs/ce/3.1.4/authn-guide/inbound-saml-passport/. The connection to the IDP seems to be configured properly where we're redirected and can log in to our IDP, sending a valid SAML token to the Gluu server, but then there appears to be an error logging into Gluu from what I think is due to a reverse mapping issue for oxauth with message **"Attribute 'username' is missing in profile"**. I'm not quite sure how to resolve this, however, as the SAML token is providing this information. Attached are the oxauth_script and passport logs, as well as the web trace w/ SAML token and the passport-saml-config.json file. Please advise, thank you

By Mohib Zico staff 04 Feb 2019 at 1:40 a.m. CST

Hi Austin, Please share your configuration as text in comment or some hosting service which doesn't require authorization.

By Austin Reynolds user 04 Feb 2019 at 9:55 a.m. CST

Hi Mohib, Here is the passport-saml-config.json config file. Please let me know what else you may need.

```
{
  "jorsek-google": {
    "entryPoint": "https://accounts.google.com/o/saml2/idp?idpid=C03x7blkg",
    "issuer": "jorsek-gluu-saml-sp",
    "identifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    "authnRequestBinding": "HTTP-POST",
    "additionalAuthorizeParams": "",
    "logo_img": "https://easydita.com/wp-content/uploads/2018/12/easyDITA-and-Jorsek-Logo-Small.png",
    "enable": "true",
    "cert": "[CERT-REDACTED]",
    "skipRequestCompression": "true",
    "reverseMapping": {
      "email": "email",
      "username": "urn:oid:0.9.2342.19200300.100.1.1",
      "displayName": "urn:oid:2.16.840.1.113730.3.1.241",
      "id": "urn:oid:0.9.2342.19200300.100.1.1",
      "name": "urn:oid:2.5.4.42",
      "givenName": "urn:oid:2.5.4.42",
      "familyName": "urn:oid:2.5.4.4",
      "provider": "issuer"
    }
  }
}
```

By Austin Reynolds user 06 Mar 2019 at 12:52 p.m. CST

Hello, Can you please provide an update in regards to this?

By Mohib Zico staff 06 Mar 2019 at 1:12 p.m. CST

Hi Austin, I am not exactly sure why Google IDP is creating this issue, because you have the `"username": "urn:oid:0.9.2342.19200300.100.1.1"` mapping there already. To find out how Google IDP actually might work, I need to create a sample passport config with Google IDP. Also... test the `"username": "username"` mapping as well; see how that goes.
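One way to check a mapping like the one above against what the IdP really sends, as an added example that is not part of the thread and not Gluu's own code: it lists every `reverseMapping` field whose source attribute is absent from a captured assertion. It assumes Passport looks each mapping value up as a key in the SAML profile (attribute `Name` values plus `issuer` and `nameID`); the assertion below is constructed, and `profile_keys` and `unresolved` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, prefer the defusedxml package

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion; substitute the one from your own web trace.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.test/saml</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="username"><saml:AttributeValue>alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:2.5.4.42"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# reverseMapping exactly as posted in the thread.
REVERSE_MAPPING = {
    "email": "email",
    "username": "urn:oid:0.9.2342.19200300.100.1.1",
    "displayName": "urn:oid:2.16.840.1.113730.3.1.241",
    "id": "urn:oid:0.9.2342.19200300.100.1.1",
    "name": "urn:oid:2.5.4.42",
    "givenName": "urn:oid:2.5.4.42",
    "familyName": "urn:oid:2.5.4.4",
    "provider": "issuer",
}

def profile_keys(assertion_xml):
    """Keys assumed to be available in the profile built from this assertion."""
    root = ET.fromstring(assertion_xml)
    keys = set()
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        if any(values):  # an attribute with only empty values counts as missing
            keys.add(attr.get("Name"))
    if root.find("saml:Issuer", NS) is not None:
        keys.add("issuer")
    if root.find(".//saml:NameID", NS) is not None:
        keys.add("nameID")
    return keys

def unresolved(mapping, assertion_xml):
    """Return {profile_field: expected_source} for fields the assertion cannot fill."""
    present = profile_keys(assertion_xml)
    return {field: src for field, src in mapping.items() if src not in present}

if __name__ == "__main__":
    for field, src in sorted(unresolved(REVERSE_MAPPING, SAMPLE_ASSERTION).items()):
        print(f"{field!r} expects attribute {src!r}, which the assertion does not carry")
```

Any field this reports for your own trace is one whose mapping value does not match an attribute `Name` in the assertion, so the mapping or the IdP's attribute release needs to change.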