  1. OpenSAML - C++
  2. CPPOST-5

Multiple <saml:Issuer> elements allowed in one Response

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: SAML 2
    • Labels:
      None
    • Operating System:
      Multiple
    • CPU Type:
      Multiple
    • C/C++ Compiler:
      Multiple

      Description

      2007-12-14 10:53:39 DEBUG OpenSAML.MessageDecoder.SAML2POST [8]: decoded SAML message:
      <?xml version="1.0" encoding="UTF-8"?>
      <samlp:Response Destination="https://sp.two.testshib.org/Shibboleth.sso/SAML2/POST" ID="_a868ffc4b207d22cf1c9c6a3ebd47cb6" InResponseTo="_985523a7a64e241462c10a4a08990cfd" IssueInstant="2007-12-13T22:59:14.855Z" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
      <saml:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.two.testshib.org/idp/profile/saml/metadata</saml:Issuer>
      <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://other.two.testshib.org/idp/profile/saml/metadata</saml:Issuer>
      <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
      <saml:Assertion ID="_abd4527de9e1578406a113583a6f4d87" IssueInstant="2007-12-14T00:05:14.855Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
      <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://idp.two.testshib.org/idp/profile/saml/metadata</saml:Issuer>
      <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_ad4a68fec5dbb9774f7342d556089c09</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData Address="71.208.229.5" InResponseTo="_985523a7a64e241462c10a4a08990cfd" NotOnOrAfter="2007-12-20T22:57:14.855Z" Recipient="https://sp.two.testshib.org/Shibboleth.sso/SAML2/POST"/></saml:SubjectConfirmation>
      </saml:Subject>
      <saml:Conditions NotBefore="2007-12-13T22:52:14.855Z" NotOnOrAfter="2007-12-20T23:57:14.855Z"/>
      <saml:AuthnStatement AuthnInstant="2007-12-13T22:52:04.817Z" SessionNotOnOrAfter="2007-12-13T23:22:04.817Z">
      <saml:SubjectLocality Address="71.208.229.5" DNSName="71.208.229.5"/><saml:AuthnContext><saml:AuthnContextDeclRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextDeclRef></saml:AuthnContext>
      </saml:AuthnStatement>
      <saml:AttributeStatement>
      <saml:Attribute FriendlyName="eduPersonAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="somethingElse">member</saml:AttributeValue><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Member</saml:AttributeValue></saml:Attribute>
      <saml:Attribute FriendlyName="eduPersonEntitlement" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:mace:dir:entitlement:common-lib-terms</saml:AttributeValue></saml:Attribute>
      </saml:AttributeStatement>
      </saml:Assertion>
      </samlp:Response>
      2007-12-14 10:53:39 DEBUG OpenSAML.MessageDecoder.SAML2 [8]: extracting issuer from SAML 2.0 protocol message
      2007-12-14 10:53:39 DEBUG OpenSAML.MessageDecoder.SAML2 [8]: message from (https://other.two.testshib.org/idp/profile/saml/metadata)
      2007-12-14 10:53:39 DEBUG OpenSAML.MessageDecoder.SAML2 [8]: searching metadata for message issuer...
      2007-12-14 10:53:39 WARN OpenSAML.MessageDecoder.SAML2 [8]: no metadata found, can't establish identity of issuer (https://other.two.testshib.org/idp/profile/saml/metadata)
      2007-12-14 10:53:39 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [8]: evaluating message flow policy (replay checking off, expiration 6000000)
      2007-12-14 10:53:39 DEBUG OpenSAML.SecurityPolicyRule.ClientCertAuth [8]: ignoring message, no issuer metadata supplied
      2007-12-14 10:53:39 WARN OpenSAML.SecurityPolicyRule.NullSecurity [8]: security enforced using NULL policy rule, be sure you know what you're doing
      2007-12-14 10:53:39 DEBUG Shibboleth.SSO.SAML2 [8]: processing message against SAML 2.0 SSO profile
      2007-12-14 10:53:39 DEBUG Shibboleth.SSO.SAML2 [8]: searching metadata for assertion issuer...
      2007-12-14 10:53:39 WARN Shibboleth.SSO.SAML2 [8]: no metadata found, can't establish identity of issuer (https://other.two.testshib.org/idp/profile/saml/metadata)
      2007-12-14 10:53:39 DEBUG OpenSAML.SecurityPolicyRule.MessageFlow [8]: evaluating message flow policy (replay checking off, expiration 6000000)
      2007-12-14 10:53:39 WARN OpenSAML.SecurityPolicyRule.NullSecurity [8]: security enforced using NULL policy rule, be sure you know what you're doing
      2007-12-14 10:53:39 DEBUG Shibboleth.SSO.SAML2 [8]: SSO profile processing completed successfully
      2007-12-14 10:53:39 DEBUG Shibboleth.SSO.SAML2 [8]: extracting pushed attributes...
      2007-12-14 10:53:39 DEBUG Shibboleth.AttributeDecoder [8]: decoding SimpleAttribute (unscoped-affiliation) from SAML 2 Attribute (urn:oid:1.3.6.1.4.1.5923.1.1.1.1) with 2 value(s)
      2007-12-14 10:53:39 DEBUG Shibboleth.AttributeDecoder [8]: decoding SimpleAttribute (entitlement) from SAML 2 Attribute (urn:oid:1.3.6.1.4.1.5923.1.1.1.7) with 1 value(s)
      2007-12-14 10:53:39 DEBUG Shibboleth.AttributeFilter [8]: filtering 2 attribute(s) from (unknown source)
      2007-12-14 10:53:39 DEBUG Shibboleth.AttributeFilter [8]: applying wildcard rule(s) for attribute (unscoped-affiliation) from (unknown source)
      2007-12-14 10:53:39 DEBUG Shibboleth.AttributeFilter [8]: applying wildcard rule(s) for attribute (entitlement) from (unknown source)
      2007-12-14 10:53:39 DEBUG Shibboleth.SSO.SAML2 [8]: resolving attributes...
      2007-12-14 10:53:39 DEBUG Shibboleth.AttributeResolver [8]: found AttributeStatement in input to new session, skipping query
      2007-12-14 10:53:39 DEBUG Shibboleth.SessionCache [8]: creating new session
      2007-12-14 10:53:39 DEBUG Shibboleth.SessionCache [8]: storing new session...
      2007-12-14 10:53:39 DEBUG XMLTooling.StorageService [8]: inserted record (session) in context (_5d52f69542bcf35fee5b2840e8b056c1)
      2007-12-14 10:53:39 DEBUG XMLTooling.StorageService [8]: inserted record (_ad4a68fec5dbb9774f7342d556089c09) in context (NameID)
      2007-12-14 10:53:39 DEBUG XMLTooling.StorageService [8]: inserted record (_abd4527de9e1578406a113583a6f4d87) in context (_5d52f69542bcf35fee5b2840e8b056c1)
      2007-12-14 10:53:39 INFO Shibboleth.SessionCache [8]: new session created: SessionID (_5d52f69542bcf35fee5b2840e8b056c1) IdP (none) Address (71.208.229.5)
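In the log above, a Response carrying two top-level `<saml:Issuer>` elements is decoded and a session is created. The following is an added example, not part of the original report and not OpenSAML code: a pre-processing check that refuses a Response with more than one direct-child Issuer, since the SAML 2.0 protocol schema allows at most one there. The function names, the sample builder and the rule that each assertion's issuer must equal the message issuer are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ISSUER = "{%s}Issuer" % SAML


class IssuerError(ValueError):
    """The message fails the issuer cardinality or consistency checks."""


def single_issuer(parent, required):
    """Return the one direct-child Issuer value of parent (None if absent)."""
    found = parent.findall(ISSUER)  # direct children only, not descendants
    if len(found) > 1:
        raise IssuerError("%d Issuer elements in %s" % (len(found), parent.tag))
    if not found:
        if required:
            raise IssuerError("missing Issuer in %s" % parent.tag)
        return None
    value = (found[0].text or "").strip()
    if not value:
        raise IssuerError("empty Issuer in %s" % parent.tag)
    return value


def check_response_issuers(xml_text):
    """Return the Response issuer, refusing ambiguous or mismatched messages."""
    # Assumption: untrusted input would go through a hardened XML parser first.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % SAMLP:
        raise IssuerError("not a samlp:Response")
    msg_issuer = single_issuer(root, required=False)
    for assertion in root.findall("{%s}Assertion" % SAML):
        a_issuer = single_issuer(assertion, required=True)
        # Assumed local policy: assertions come from the message issuer.
        if msg_issuer is not None and a_issuer != msg_issuer:
            raise IssuerError("assertion issuer differs from message issuer")
    return msg_issuer


def build_sample(issuers, assertion_issuer):
    """Constructed test message: a Response with the given Issuer values."""
    head = '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" Version="2.0">' % (SAMLP, SAML)
    body = "".join("<saml:Issuer>%s</saml:Issuer>" % i for i in issuers)
    body += "<saml:Assertion><saml:Issuer>%s</saml:Issuer></saml:Assertion>" % assertion_issuer
    return head + body + "</samlp:Response>"
```

Rejecting the message outright, rather than choosing the first or last Issuer, keeps the identity used for the metadata lookup unambiguous.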

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            ndk Nate Klingenstein