2 Replies Latest reply on Sep 28, 2011 5:12 AM by andy80

    AttributeValue missing from Microsoft AD FS.

    andy80

      Hi all,

       

      I am trying to get a seam-picketlink app running towards an AD FS.

      All seems good except for one detail, the parsing of the XML in the SAMLResponse.

       

      When trying my app towards OpenAM, everything works like a charm. I get logged in correctly, and also I get the Attributes from the OpenAM account.

      However, when trying to login against the AD FS, I do get successfully logged in, but no Attributes are picked up by the picketlink-seam module. When looking in the logs, I can see that seam intercepts the POST correctly, and when looking at the XML that is printed to the log I clearly see all Attributes that are shipped with the SAMLResponse.

       

      The error seems to lie in that there are missing attributes on the <AttributeValue> tag. When comparing between the SAMLResponse from OpenAM and from AD FS the difference is that the following parameters are NOT present in the SAMLResponse from AD FS:

       xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string"
      

      This causes the Unmarshalling to not pick up the actual value, and instead I get Attributevalue=Null when trying to extract the attribute data from the SamlPrincipal in the internalAuthenticate method.

       

      I would really appreciate any input on this.

       

      Best Regards,

       

      Andreas
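
The difference described in the post above, as an added example that is not part of the original post and is not PicketLink or Seam code: a namespace-aware DOM reader that returns the text of each `AttributeValue` whether or not `xsi:type` is declared. It assumes SAML 2.0 assertions; the class name, the `mail` attribute and both XML snippets are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class AttributeValueDemo {
    // Assumption: SAML 2.0 assertion namespace.
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String XSI = "http://www.w3.org/2001/XMLSchema-instance";

    // Constructed sample in the form the post reports from OpenAM (xsi:type present).
    static final String TYPED =
        "<saml:Attribute xmlns:saml=\"" + SAML + "\" Name=\"mail\">"
        + "<saml:AttributeValue xmlns:xs=\"http://www.w3.org/2001/XMLSchema\""
        + " xmlns:xsi=\"" + XSI + "\" xsi:type=\"xs:string\">user@example.org"
        + "</saml:AttributeValue></saml:Attribute>";

    // Constructed sample in the form the post reports from AD FS (no xsi:type).
    static final String UNTYPED =
        "<saml:Attribute xmlns:saml=\"" + SAML + "\" Name=\"mail\">"
        + "<saml:AttributeValue>user@example.org</saml:AttributeValue></saml:Attribute>";

    static Map<String, List<String>> readAttributes(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // match on namespace URI, not on the prefix
        // Reject DOCTYPE declarations so IdP-supplied XML cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Map<String, List<String>> out = new LinkedHashMap<>();
        NodeList attrs = doc.getElementsByTagNameNS(SAML, "Attribute");
        for (int i = 0; i < attrs.getLength(); i++) {
            Element attr = (Element) attrs.item(i);
            List<String> values =
                out.computeIfAbsent(attr.getAttribute("Name"), k -> new ArrayList<>());
            NodeList vals = attr.getElementsByTagNameNS(SAML, "AttributeValue");
            for (int j = 0; j < vals.getLength(); j++) {
                Element v = (Element) vals.item(j);
                String type = v.getAttributeNS(XSI, "type"); // "" when not declared
                // The text content is read either way; the type is only reported.
                System.out.println("xsi:type=" + (type.isEmpty() ? "(none)" : type));
                values.add(v.getTextContent());
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        System.out.println(readAttributes(TYPED));
        System.out.println(readAttributes(UNTYPED));
    }
}
```

Attribute values read this way should only be trusted after the response or assertion signature has been validated.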