[IDP-573] Resolver mishandles null and empty values from data connectors - Shibboleth JIRA

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 3.0.0
Fix Version/s: 3.1.0
Component/s: Attribute Resolver
Labels:
None
Environment:

Linux Redhat 6. IDP 3.0, Java 1.8 Apache-Tomcat 8

Description

After upgraded to IDP 3.0, I got runtime exception when ran aacli.sh. The same attribute-resolver.xml works fine in IDP 2.0

2015-01-16 11:48:41,260 - ERROR [net.shibboleth.idp.profile:-2] - Uncaught runtime exception
net.shibboleth.utilities.java.support.logic.ConstraintViolationException: Attribute value cannot be null or empty
at net.shibboleth.utilities.java.support.logic.Constraint.isNotNull(Constraint.java:210)

Attribute-resolver.xml
<resolver:AttributeDefinition id="mail" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
xsi:type="Simple"
sourceAttributeID="mail">

<resolver:Dependency ref="myAD" />
<resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
name="urn:oid:0.9.2342.19200300.100.1.3"
friendlyName="mail" />

</resolver:AttributeDefinition>

<resolver:DataConnector id="myAD" xsi:type="LDAPDirectory" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
ldapURL="ldap://query.ad.cornell.edu:3268"

baseDN="DC=cornell,DC=edu"
principal=“xxxxx"
principalCredential=“xxx" >
<FilterTemplate>
<![CDATA[
(cn=$requestContext.principalName)
]]>
</FilterTemplate>
<LDAPProperty name="java.naming.referral" value="follow"/>
</resolver:DataConnector>

Attachments

Activity

People

Assignee:: Scott Cantor

Reporter:: Hong Ye

Watchers:: 6 Start watching this issue

Dates

Created:: 16/Jan/15 6:58 PM

Updated:: 02/May/15 4:41 AM

Resolved:: 02/May/15 4:41 AM

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

4d 5h 22m