By: Xuejiao Zhang user 26 Aug 2019 at 2:48 a.m. CDT

## Step 1: Create AWS Custom Attributes in LDAP

```
[root@localhost ~]# cat /opt/opendj/config/schema/77-customAttributes.ldif
dn: cn=schema
objectClass: top
objectClass: ldapSubentry
objectClass: subschema
cn: schema
attributeTypes ( 1.3.6.1.4.1.48710.1.3.1003 NAME 'RoleEntitlement' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Gluu - AWS Assume Role' )
attributeTypes ( 1.3.6.1.4.1.48710.1.3.1004 NAME 'RoleSessionName' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Gluu - AWS Assume Role Session Name' )
objectclass ( 1.3.6.1.4.1.48710.1.4.101 NAME 'gluuCustomPerson' SUP ( top ) AUXILIARY MAY ( telephoneNumber $ mobile $ RoleEntitlement $ RoleSessionName ) X-ORIGIN 'Gluu - Custom persom objectclass' )
```

## Step 2: /etc/rc.d/init.d/opendj restart

## Step 3: create these two attributes in the Gluu web UI ("oxTrust").

Input:

- Name: RoleEntitlement
- SAML1: https://aws.amazon.com/SAML/Attibutes/Role
- SAML2: https://aws.amazon.com/SAML/Attibutes/Role

Error:

```
Issue: the Attribute type 'RoleEntitlement' not defined in LDAP schema
Failed to update aAttribute 'RoleEntitlement'
```

By Aliaksandr Samuseu staff 27 Aug 2019 at 12:15 p.m. CDT

Hi, Xuejiao. Your schema definitions contain an error:

```
attributeTypes ( 1.3.6.1.4.1.48710.1.3.1003 NAME 'RoleEntitlement'
```

There must be a colon after `attributeTypes`, like this:

```
attributeTypes: ( 1.3.6.1.4.1.48710.1.3.1003 NAME 'RoleEntitlement'
```

If you check `/opt/opendj/logs/server.out`, I bet you'll find an error stating that your schema modifications were not accepted.

By Xuejiao Zhang user 27 Aug 2019 at 10:56 p.m. CDT

@Aliaksandr.Samuseu Thanks. It works. I would suggest having the "typo" in the Gluu official docs fixed:

page: https://gluu.org/docs/ce/integration/saas/aws/
section: Create AWS Custom Attributes in LDAP

1) change "objectclass" to "objectClasses:"
2) add a colon after "attributeTypes"

Moreover, I have one question to ask. I have an Android app which calls AWS API Gateway. I would like to add an authentication feature. When users log in on the Android app, I would like AWS Cognito (identity pool) to authenticate using the Gluu server as the user pool (SAML federation). Do you have any instructions to follow? I am referring to this now: https://gluu.org/docs/ce/integration/saas/aws/

At the last step, "SSO Testing", it didn't behave as in the video. I got the request redirected and it complained: "Web login service – Unsupported Request. The application you have accessed is not registered for use with this service."

I am looking forward to hearing your suggestions.

https://signin.amazonaws.cn/saml

Thanks,
Xuejiao
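
The two defects this thread identifies in `77-customAttributes.ldif` (no colon after `attributeTypes`, and `objectclass` where OpenDJ expects `objectClasses:`) can be caught before the server is restarted. The checker below is an added example, not code from Gluu or from either poster; the sample LDIF is constructed to mirror the posted file, and the accepted schema attribute names are the RFC 4512 set.

```python
import re

# Schema-definition attributes a cn=schema subentry may carry (RFC 4512 names, lower-cased).
SCHEMA_KEYS = {"attributetypes", "objectclasses", "ldapsyntaxes", "matchingrules",
               "matchingruleuse", "ditcontentrules", "ditstructurerules", "nameforms"}
# Singular spellings seen in this thread, mapped to the key OpenDJ actually expects.
KNOWN_TYPOS = {"attributetype": "attributeTypes", "objectclass": "objectClasses"}
LINE_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")

def unfold(text):
    """Join LDIF continuation lines: a newline followed by one space is removed (RFC 2849)."""
    return re.sub(r"\n ", "", text).splitlines()

def check_schema_ldif(text):
    """Return [(line_no, message)] for lines OpenDJ would reject in a cn=schema LDIF."""
    findings = []
    for no, line in enumerate(unfold(text), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        key = m.group(1) if m else line.split(None, 1)[0]
        lk, hint = key.lower(), KNOWN_TYPOS.get(key.lower())
        if not m:
            # "attributeTypes ( ... )": without the colon this is not an LDIF attribute line at all
            findings.append((no, f"'{key}' must be followed by ':'"
                             + (f" (and spelled '{hint}')" if hint else "")))
            continue
        value = m.group(2)
        if lk in ("dn", "cn") or (lk == "objectclass" and not value.startswith("(")):
            continue  # entry header, e.g. "objectClass: subschema"
        if lk not in SCHEMA_KEYS:
            findings.append((no, f"'{key}' is not a schema attribute"
                             + (f"; use '{hint}:'" if hint else "")))
        elif not (value.startswith("(") and value.rstrip().endswith(")")):
            findings.append((no, f"'{key}' definition must be enclosed in '( ... )'"))
    return findings

# Constructed samples modelled on the thread: the posted (broken) file and the corrected one.
BROKEN = """\
dn: cn=schema
objectClass: top
objectClass: ldapSubentry
objectClass: subschema
cn: schema
attributeTypes ( 1.3.6.1.4.1.48710.1.3.1003 NAME 'RoleEntitlement'
  EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Gluu - AWS Assume Role' )
objectclass ( 1.3.6.1.4.1.48710.1.4.101 NAME 'gluuCustomPerson' SUP top AUXILIARY
  MAY ( RoleEntitlement $ RoleSessionName ) X-ORIGIN 'Gluu - Custom person objectclass' )
"""
FIXED = BROKEN.replace("attributeTypes (", "attributeTypes: (").replace("objectclass (", "objectClasses: (")
```

Running `check_schema_ldif(BROKEN)` reports the two definition lines (unfolded line numbers 6 and 7), and `check_schema_ldif(FIXED)` returns an empty list.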

By Aliaksandr Samuseu staff 28 Aug 2019 at 1:20 p.m. CDT

Hi, Xuejiao. Thanks for the heads up, and sorry for the inconvenience. It's fixed now. As for your other question, please create a new ticket, as this is not directly related to the original issue you had. Mixing several issues in a single ticket makes it difficult to categorize and search them later.