In our IdPV2 deployments with uApprove, we have been setting the attribute order by whitelisting all attribute in the desired order.
We see this as critical for the user experience to group attributes together on the consent screen (e.g., commonName, displayName, givenName and surname are all together).
In IdPV3, there is no way to set the attribute order. The attributes appear in a "random" order - that does not change with a reload of the screen but does change if the set of attributes changes.
The rendering is done by a Velocity template (views/intercept/attribute-release.vm) that only iterates over the Map it receives.
The Map is a LinkedHashMap that should be preserving order. I tried digging through the code to see where it comes from, but could not find it.
I see one option for this as consistently using order-preserving Sets/Maps across the whole code, and then perhaps order could be determined by the order in which the attributes are listed in attribute-resolver.xml.
Alternatively, this is what I did as a workaround:
- Add a new property to conf/idp.properties listing all defined attributes in the preferred order:
And then modifying attribute-release.vm to use this property as the preferred order:
The code filters out attributes specified in the property but not in the current context, but does not render attributes that were not listed in the property.
I was trying to append the entries from consentableAttributes.keySet() that are not in the ordered list at the end, but my Velocity-fu is not good enough for that (totally new to Velocity and guessing on the syntax).
Would this be worth adding for the next release - some option of setting the attribute order?