
I followed the steps below to configure simpleSAMLphp as a service provider against WSO2 Identity Server:

http://blog.facilelogin.com/2013/06/wso2-identity-server-saml2-idp-with.html — single sign-on itself works.

After I log in through WSO2 I get the following SAML response:

<!-- SAML 2.0 Response as received at the simpleSAMLphp ACS. NOTE(review): only the
     Assertion is signed (the Response element itself carries no ds:Signature),
     the signature uses rsa-sha1 / sha1 digests, the Recipient is a plain http://
     URL, and there is no saml2:AttributeStatement, so no user attributes arrive. -->
<saml2p:Response ID="epgkocboaoejainknoilcfahcifmihnnmnolgbda"
                 InResponseTo="_835772cc96b22070921db3a9a341590d734bacdfbb"
                 IssueInstant="2013-07-23T12:12:19.744Z"
                 Version="2.0"
                 xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                 >
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
    </saml2p:Status>
    <saml2:Assertion ID="icmbdppjbnalbkafgjcplbndbijkdpfbmfgpkhec"
                     IssueInstant="2013-07-23T12:12:19.744Z"
                     Version="2.0"
                     xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                     >
        <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://localhost:9443/samlsso</saml2:Issuer>
        <!-- Enveloped signature over the Assertion; the ds:Reference URI must equal the Assertion ID above. -->
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                <!-- NOTE(review): RSA-SHA1 and SHA-1 digests are deprecated; prefer RSA-SHA256 where both IdP and SP support it. -->
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                <ds:Reference URI="#icmbdppjbnalbkafgjcplbndbijkdpfbmfgpkhec">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                    <ds:DigestValue>sWsl9Q1RCGqgD97tAlU4X506ylw=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>
M1yd1WRy6L6LiUa1KcRDZF23I/ilnrYvLxLeeXRTeTIM/kCaDy2eQHOJmJuPuxD8C/RBFLJ2eZQb
shL+AghTUITrqDS09RgYhMkdAygHsTqBBihpXHmsLuMiaW+j4HNSuMfCcg8RHaTZRiv7vOSKIKHI
icXcxcKGuvIlw0DDjds=
</ds:SignatureValue>
            <!-- The SP must verify against the IdP certificate it has configured, not blindly trust this embedded one. -->
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UE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=</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <!-- No Format attribute, although the AuthnRequest asked for the transient format. -->
            <saml2:NameID>USER_NAME</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <!-- Bearer confirmation: InResponseTo must match the AuthnRequest ID and Recipient the ACS URL.
                     NOTE(review): Recipient is plain http://, so the bearer assertion is POSTed unencrypted; acceptable for localhost testing only. -->
                <saml2:SubjectConfirmationData InResponseTo="_835772cc96b22070921db3a9a341590d734bacdfbb"
                                               NotOnOrAfter="2013-07-23T12:17:19.744Z"
                                               Recipient="http://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/wso2-sp"
                                               />
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <!-- Five-minute validity window; SP clock skew must stay within it. -->
        <saml2:Conditions NotBefore="2013-07-23T12:12:19.744Z"
                          NotOnOrAfter="2013-07-23T12:17:19.744Z"
                          >
            <saml2:AudienceRestriction>
                <!-- Must equal the SP entityID, i.e. the Issuer of the AuthnRequest ("simplesaml"). -->
                <saml2:Audience>simplesaml</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2013-07-23T12:12:19.744Z"
                              SessionIndex="2BD082E8D8D9D105C26AB2F2A7EE2676"
                              >
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <!-- No saml2:AttributeStatement follows: the SP receives nothing about the user beyond the NameID. -->
    </saml2:Assertion>
</saml2p:Response>


This is the SAML AuthnRequest that simpleSAMLphp sent:

<!-- AuthnRequest sent by simpleSAMLphp (HTTP-POST binding). It is unsigned (no ds:Signature),
     and it carries no AttributeConsumingServiceIndex attribute. NOTE(review): Destination is
     https:// while the AssertionConsumerServiceURL is plain http://. -->
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                    ID="_835772cc96b22070921db3a9a341590d734bacdfbb"
                    Version="2.0"
                    IssueInstant="2013-07-23T12:12:11Z"
                    Destination="https://localhost:9443/samlsso"
                    AssertionConsumerServiceURL="http://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/wso2-sp"
                    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    >
    <!-- SP entityID; the IdP echoes it back as the Audience of the assertion. -->
    <saml:Issuer>simplesaml</saml:Issuer>
    <!-- Transient NameID requested; the response NameID above has no Format attribute. -->
    <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                        AllowCreate="true"
                        />
</samlp:AuthnRequest>

The response above contains no saml2:AttributeStatement, so simpleSAMLphp receives no user attributes at all.

How can I specify which attributes I need from WSO2 Identity Server, so that they are included in the response?



When you enable the 'Attribute Profile' at service provider (SP) registration time in Identity Server 4.5.0 (IS), a unique attribute consuming service index is generated, and subsequent AuthnRequests must carry that value in the `AttributeConsumingServiceIndex` attribute for IS to include user attributes in its responses. The request you posted does not set that attribute, which matches the missing AttributeStatement.

However, if you want the attributes without sending that index value, enable "Include Attributes in the Response Always" at SP registration time; this option is available in the IS 4.5.0 GA release. Either way the attributes arrive in a saml2:AttributeStatement inside the signed Assertion, so the SP should only act on them after the assertion signature has been verified against the IdP certificate it has configured.
