I have set up OpenAM and SimpleSAMLphp. I can auth via the OpenAM "Test Fed" and the "Auth" page in SimpleSAMLphp, so I believe it's all working correctly.

However, when I auth the user, and then print out:

$attributes = $as->getAttributes();
$attrs = print_r($attributes, true);

print '<pre>Attrs: ' . $attrs . '</pre>';

I get the following:

Attrs: Array
(
    [groups] => Array
    (
        [0] => users
        [1] => members
    )

)

Whereas I would expect the below:

inetuserstatus=[true], 
sn=[Healy], 
givenname=[Gareth], 
userpassword=xxx..., 
uid=[gareth.healy@localhost.com]

If I call the REST API http://auth.localhost.com:8080/openam/identity/attributes?subjectid=... it returns the values as expected.

I have included the SAML response as well. Is this an OpenAM/SimpleSAMLphp setup issue?

Gareth H
  • What I expect: http://rnd.feide.no/files/screenshot-example.png and what I see: http://bit.ly/UlIIta – Gareth H Nov 21 '12 at 17:00

1 Answer

As you may know, SAML is totally different from Identity Web Services (which you use with REST and which return a default set of attributes for the 'attributes resource').

You can include attribute statements into the SAML authentication response by configuring an attribute mapping for the service provider on the OpenAM side.

The attributes you want to map have to be available in the data store config.

Bernhard Thalmayr
  • Also you should be able to see that your SAML Assertion does not contain an AttributeStatement at all (nor the attributes you would like to have at the SP), this is because you haven't set up Attribute Mapping on the OpenAM side for this SP. ;) – Peter Major Nov 22 '12 at 09:43
  • I've done this per the following screenshot: http://bit.ly/UUBBpR - I believe this is what you mean? Is there anything else I'd need to do? Any reconfig/update on the SP side? As I still don't see them being pulled through by SimpleSAMLphp – Gareth H Nov 22 '12 at 10:10
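
The check described in the comments above (does the assertion carry an AttributeStatement at all?) can be scripted. This is an added example, not part of the original thread or of either project's code; the function names and both sample responses are constructed for illustration, and it assumes the base64 `SAMLResponse` value of an HTTP-POST binding.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def attributes_in_response(saml_response_b64):
    """Return (attrs, encrypted) for a base64 SAMLResponse (HTTP-POST binding).

    Debugging aid only: nothing is verified (signature, conditions), so never
    base an access decision on this output.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    encrypted = root.find(".//saml:EncryptedAssertion", NS) is not None
    attrs = {}
    path = ".//saml:Assertion/saml:AttributeStatement/saml:Attribute"
    for attr in root.iterfind(path, NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs, encrypted

def diagnose(saml_response_b64, expected):
    """Say which side to look at when the SP shows fewer attributes than expected."""
    attrs, encrypted = attributes_in_response(saml_response_b64)
    if encrypted:
        return "assertion is encrypted: inspect it after decryption at the SP"
    if not attrs:
        return "no attributes in the assertion: check the IdP attribute mapping"
    missing = sorted(set(expected) - set(attrs))
    if missing:
        return "assertion lacks: " + ", ".join(missing)
    return "all expected attributes were sent: check the SP side"

def make_sample(statement=""):
    """Build a constructed, unsigned response for the demo (not a real capture)."""
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           '<saml:Subject/>' + statement + '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

SAMPLE_NO_ATTRS = make_sample()
SAMPLE_WITH_ATTRS = make_sample(
    '<saml:AttributeStatement>'
    '<saml:Attribute Name="uid"><saml:AttributeValue>user@example.org'
    '</saml:AttributeValue></saml:Attribute>'
    '<saml:Attribute Name="sn"><saml:AttributeValue>Example'
    '</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>')

if __name__ == "__main__":
    for name, sample in (("none", SAMPLE_NO_ATTRS), ("some", SAMPLE_WITH_ATTRS)):
        print(name, "->", diagnose(sample, ["uid", "sn", "givenname"]))
```

Captured responses can contain personal data and a replayable assertion, so treat them as sensitive when saving or sharing them for debugging.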