Hi Josh,

Last question before I try again: there is no shibboleth affiliation in my VCL database. So should I be creating a new affiliation for shibboleth and populating the shibname field, or should I use the existing LDAP configured affiliation and populate its shibname field?

Thanks

-----Original Message-----
From: Josh Thompson <[email protected]>
Sent: Wednesday, August 26, 2020 11:04 AM
To: [email protected]
Subject: Re: [Suspected SPAM] Re: [EXTERNAL] Re: ADFS SSO Authentication

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Ariel,

Responses inline.

On Wednesday, August 26, 2020 7:57:08 AM EDT MARTINEZ, ARIEL wrote:
> Hi Josh,
>
> Thanks for this. I made the changes and there is no more unauthorized
> error message on the page. But after logging into the identity
> provider, when it gets redirected back to the main VCL directory, it
> did not login. Selecting the shibboleth affiliation just keeps
> redirecting back to that login selection page.
>
> But I think I am very close now to getting it to work.
>
> So from the eppn attribute, it will use whatever is after the @ to
> find a matching affiliation in VCL and it should log the user into that?
>
> I looked in the VCL database for the affiliation table and no
> affiliation has the shibname defined.
>
> Should I manually enter whatever is after the @ from eppn into the
> shibname field value?

Yes, you'll need to manually update that field in the database. Sorry, I didn't think to mention that before.

> When I set up the LDAP login for that affiliation, it is using the
> samaccountname from LDAP, whatever is to the left of the @. I think I
> may also need to change this to use the LDAP user principal name which
> will have the full user@domain format which should match eppn.

LDAP authentication works differently. You'll want to leave it using samaccountname. I don't think it will work correctly using the full user@domain format for LDAP.

Josh

> Thanks.
>
> On Aug 25, 2020 6:13 PM, Josh Thompson <[email protected]> wrote:

- --
- -------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found on pool.sks-keyservers.net

All electronic mail messages in connection with State business which are sent to or received by this account are subject to the NC Public Records Law and may be disclosed to third parties.
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQRMIdRtWXideTZDK31X8tBw1209AwUCX0Z5ywAKCRBX8tBw1209
A8pYAJ9exuYNo24mTyehlhp7P8KiV9eQgACdFvhpQWR69xQRSbc5PPeRmAyw2Pw=
=bPJ2
-----END PGP SIGNATURE-----
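
Added example, not part of the thread and not VCL's own code: a small model of the lookup discussed above, in which the part of eppn after the @ must exactly equal an affiliation's shibname, so nothing matches while that field is empty. The table layout beyond the shibname field, the row names and example.edu are assumptions made for the demonstration, and which affiliation row should carry the shibname is left to the site.

```python
import sqlite3

def build_demo_db():
    """In-memory stand-in for the affiliation table (constructed rows, assumed columns)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE affiliation (id INTEGER PRIMARY KEY, name TEXT, shibname TEXT)"
    )
    conn.executemany(
        "INSERT INTO affiliation (id, name, shibname) VALUES (?, ?, ?)",
        [(1, "Local", None), (2, "ExampleU", None)],  # shibname never populated
    )
    return conn

def eppn_scope(eppn):
    """Return the part after the '@' of an eppn value, or None if it is malformed."""
    if not eppn or eppn.count("@") != 1:
        return None
    user, scope = eppn.split("@")
    if not user or not scope:
        return None
    return scope

def affiliation_for_eppn(conn, eppn):
    """Exact-match the eppn scope against shibname; None means no affiliation matched."""
    scope = eppn_scope(eppn)
    if scope is None:
        return None
    # A NULL shibname never equals the bound value, so unpopulated rows cannot match.
    return conn.execute(
        "SELECT id, name FROM affiliation WHERE shibname = ?", (scope,)
    ).fetchone()

def set_shibname(conn, affiliation_name, scope):
    """The manual database update from the thread, written as a parameterized query."""
    cur = conn.execute(
        "UPDATE affiliation SET shibname = ? WHERE name = ?", (scope, affiliation_name)
    )
    return cur.rowcount

if __name__ == "__main__":
    db = build_demo_db()
    print(affiliation_for_eppn(db, "jdoe@example.edu"))        # before the update
    set_shibname(db, "ExampleU", "example.edu")
    print(affiliation_for_eppn(db, "jdoe@example.edu"))        # after the update
    print(affiliation_for_eppn(db, "jdoe@other.example.org"))  # different scope
```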
