ACSUiInfo needs to filter against empty names as well as empty languages
Description
Environment
Activity
Rod Widdowson April 28, 2020 at 1:33 PM
Id forgotten about the schema fix (if all you have is a hammer .... so I looked for a nail).
Much more elegant
Scott Cantor April 28, 2020 at 12:26 PM
There are challenges trying to do this in the objects themselves because of intermediate states (it would have to be in the unmarshalling process, not the implementation objects).
When I did it in C++ it was more effective to use the Validator construct that used to exist in Java, and apply rules to the objects after the fact so the code could run them under the correct conditions.
Short of reimplementing all that again, I think the simplest option is just to alter the local schemas to impose min facets on the string and anyURI types we use selectively. Most people don't validate so it won't change much but those that do could get more strict behavior.
But we could rebuild the validation layer, it isn't that much code, just a lot of grunt work. I had it much easier because of macros.
Rod Widdowson April 28, 2020 at 9:07 AM
I'm not going to reopen this (yes), But I'll observe that this fix was topical to the IdP.
I wonder whether the supplementary fix is in OpenSAML.
There are obviously some SAML elements (and hence classes which implement org.opensaml.core.xml.schema.XSString) where empty strings are invalid and we could have better locality to warn?
Similarly {{ org.opensaml.core.xml.LangBearing}} should perhaps often (always) not have an empty language.
I'm wondering whether we could add new classes which are intolerant of emptyness for
* LocalizedURIImpl (for lang)
LocalizedName (for lang)
* XSStringImpl (for the contents).
and derive the required impl classes from this?
Then we'd not need to have the null checking when we mine the SAML structures.
I don't speak SAML well enough to know which elements are the ones which matter, otherwise I'd make a concrete proposal,.
Rod Widdowson April 19, 2020 at 3:09 PM
Tests extended
Fixed other outliers (found by grepping of xml:lang) being
UiInfo
Organization
I'm pretty sure that this is done, but I'll leae open pending nightlies and another run over the code.
Rod Widdowson April 18, 2020 at 6:46 PM
It says AssertionConsumerService but I think we're talking about AttributeConsumingService?
Almost certainly
What about the case where both the lang and the content are empty?
We already filtered on empty language. Empty text was what was missing..
I'm guessing there are no unit tests in this area?
That would surprise me since I’m pretty sure I authored the code. Part of work to do before closing is to have a regression test..
If you put
into a metadata file you will die as soon as soon as you try to generate a ACSUINFO from it.
This is because although we filter on an empty language we do not filter on empty contents.
This is probably what was reported here
This bug also trips on empty Organization child elements.