Shibboleth SP error: SubjectLocality must have Address or DNSName

Problem

Shibboleth SP complains “SubjectLocality must have Address or DNSName.” How can this be set by SSO?

Solution

By default, unix.config/win32.config has the setting Netmask = disabled, which prevents the sending of the AuthnStatement <saml:SubjectLocality/> element in a SAML Response message.

To set your IP address as <saml2:SubjectLocality Address="xx.xx.xx.xx"/>:

  1. Define a netmask value in the win32.config/unix.config and uas.properties files
  2. Run tomcat/update

Note: The network address of the browser client is used to keep track of user sessions. The netmask is used to determine whether the client's network address is allowed to change. The default value, disabled or 0.0.0.0, allows the client's network address to change during a session, whereas the value enabled or 255.255.255.255 does not allow the address to change during a session. The value subnet is another predefined value, for netmask 255.255.255.0.

A DNS name cannot be set; only an IP address can be used.
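
To confirm the change took effect, the decoded SAML Response can be checked for the attribute the SP requires before testing against Shibboleth. The following is an added example, not code from the product or from Shibboleth; the function name and the sample assertions are constructed for illustration and trimmed to the relevant elements.

```python
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertions (not captured from a real IdP).
EMPTY = f"""<saml2:Assertion xmlns:saml2="{SAML2_NS}">
  <saml2:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z">
    <saml2:SubjectLocality/>
  </saml2:AuthnStatement>
</saml2:Assertion>"""
WITH_ADDRESS = EMPTY.replace(
    "<saml2:SubjectLocality/>",
    '<saml2:SubjectLocality Address="192.0.2.10"/>',
)
ABSENT = EMPTY.replace("<saml2:SubjectLocality/>", "")


def check_subject_locality(xml_text):
    """Return one (status, value) tuple per AuthnStatement in the document.

    status is "ok" when SubjectLocality carries Address or DNSName,
    "empty" when the element is present with neither attribute (the
    condition the SP error message names), and "absent" when the
    element is missing altogether.
    """
    root = ET.fromstring(xml_text)
    findings = []
    # iter() also finds statements nested inside a samlp:Response wrapper.
    for stmt in root.iter(f"{{{SAML2_NS}}}AuthnStatement"):
        loc = stmt.find(f"{{{SAML2_NS}}}SubjectLocality")
        if loc is None:
            findings.append(("absent", None))
            continue
        value = loc.get("Address") or loc.get("DNSName")
        findings.append(("ok", value) if value else ("empty", None))
    return findings


if __name__ == "__main__":
    for label, doc in (("empty", EMPTY), ("address", WITH_ADDRESS),
                       ("absent", ABSENT)):
        print(label, check_subject_locality(doc))
```

Run it against the base64-decoded SAML Response captured from a test login; an "ok" result with the expected client IP means the netmask setting is being applied.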