I am using OneLogin’s php-saml library as an SP to connect to a client’s IDP. For some reason though, when the client sends their SAML response, the array that is set by
$_SESSION['samlUserdata'] = $auth->getAttributes();
returns empty. If anyone has any insight as to the reason(s) why this could be happening, it would be greatly appreciated if you would share.
First of all, I would recommend checking your own SAML metadata.
Do you have a list of attributes you want to get? Like:
<md:AttributeConsumingService index="1">
    <md:ServiceName xml:lang="en">Service</md:ServiceName>
    <md:ServiceDescription xml:lang="en">Sign-on</md:ServiceDescription>
    <md:RequestedAttribute Name="username" isRequired="true" />
    <md:RequestedAttribute Name="email" isRequired="true" />
    <md:RequestedAttribute Name="firstName" isRequired="true" />
    <md:RequestedAttribute Name="lastName" isRequired="true" />
</md:AttributeConsumingService>
Second, if applicable, try to capture an incoming request and analyze it manually.
Also, ensure the client is properly configured according to your metadata.
It won’t send everything about a logged-in user.
The client has to explicitly declare/map/configure attributes for your SAML.
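One way to do the manual analysis suggested above, as an added example that is not part of the original posts or of php-saml: decode a captured base64 `SAMLResponse` (HTTP-POST binding) and list what the IdP actually placed in `AttributeStatement`. The helper name `inspectSamlResponse` and the sample response are constructed for illustration.

```php
<?php
// Added diagnostic sketch, not php-saml code. It does NOT verify signatures:
// use it only to see what the IdP put in the response, never to authenticate.
const SAML_ASSERTION_NS = 'urn:oasis:names:tc:SAML:2.0:assertion';

function inspectSamlResponse(string $samlResponseB64): array   // hypothetical helper
{
    $xml = base64_decode($samlResponseB64, true);
    if ($xml === false) {
        throw new InvalidArgumentException('SAMLResponse is not valid base64');
    }
    // SAML messages never need a DTD; refuse one before parsing.
    if (stripos($xml, '<!DOCTYPE') !== false) {
        throw new InvalidArgumentException('DOCTYPE is not allowed');
    }
    $doc = new DOMDocument();
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        throw new InvalidArgumentException('SAMLResponse is not well-formed XML');
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('saml', SAML_ASSERTION_NS);

    $attributes = [];
    foreach ($xp->query('//saml:AttributeStatement/saml:Attribute') as $attr) {
        $values = [];
        foreach ($xp->query('saml:AttributeValue', $attr) as $value) {
            $values[] = trim($value->textContent);
        }
        $attributes[$attr->getAttribute('Name')] = $values;
    }
    return [
        'assertions'           => $xp->query('//saml:Assertion')->length,
        // Encrypted parts are opaque here; they need the SP private key.
        'encrypted_assertions' => $xp->query('//saml:EncryptedAssertion')->length,
        'encrypted_attributes' => $xp->query('//saml:EncryptedAttribute')->length,
        'attributes'           => $attributes,
    ];
}

// Constructed sample: an assertion with a NameID but no AttributeStatement.
$sampleXml = <<<XML
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>
XML;
print_r(inspectSamlResponse(base64_encode($sampleXml)));
```

For the constructed sample this reports one assertion and an empty `attributes` array, which is the pattern to expect when the IdP has no attribute mapping configured for the SP. Captured responses contain user identifiers and signed assertions, so treat them as sensitive and keep them out of shared logs.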