Most attributes no longer being provided to SP

By: Jake Bell user 19 Feb 2021 at 10:04 a.m. CST

3 Responses
Jake Bell gravatar
Hello, I had a Gluu install running on 4.2.2.SP1. I recently updated to 4.2.3 to fix the memory leak issues in the older version. The upgrade seemed to work fine, but the one thing that I can't get working properly after the upgrade is the attributes. Prior to 4.2.3, Gluu was releasing the Username and memberOf fields to the SP. The SP used the memberOf field to determine if the user had access to the website. After the update only the Username is released. I tested with a few other attributes, and they weren't getting sent either, just the Username. I'm at a loss of what to try since this had all been working and I can't find any logs around the exact release logic of the attributes. I've attached all the config files I thought would be helpful, but happy to pull up some more info if needed though: https://pastebin.com/DbGsHCNz Session Output https://pastebin.com/zq0R15h4 AttributePolicy.xml https://pastebin.com/AEDtNUC7 Shibboleth2.xml https://postimg.cc/k2rk97hk Trust Relationship
Gluu 4.2.3 CentOS 7.0
closed

Answers

By Dzouato Djeumen Rolain Bonaventure staff 22 Feb 2021 at 3:40 a.m. CST

Copy
Dzouato Djeumen Rolain Bonaventure gravatar
Hello Jake, We are investigating the issue and will get back to you as soon as possible. Thanks for your patience

By Jake Bell user 22 Feb 2021 at 9:26 a.m. CST

Copy
Jake Bell gravatar
Hi Dzouato, I've done some more digging into this on my side yesterday as well. The biggest new piece of information is that rebooting the IDP service seems to have fixed it. I did reboot the entire server after the upgrade, so I'm not sure why one more reboot would make a difference. That said, I did figure out how to capture more details in the logs, so you can see the issue in action. https://pastebin.com/Bcn4tXq3 - Before Reboot https://pastebin.com/vXF4p7xH - After Reboot You can see in both cases Gluu says it's releasing the uid and memberOf attributes, but only in the after reboot example does it show up in the saml response.

By Dzouato Djeumen Rolain Bonaventure staff 22 Feb 2021 at 9:48 a.m. CST

Copy
Dzouato Djeumen Rolain Bonaventure gravatar
Thanks for the logs and happy you found a solution. That said , please do not hesitate to contact us with more logs if the issue repeats itself. It seems like a transient issue for now , but we would love to know more if it improves our product quality. Rolain

Post an answer