Uploaded image for project: 'Identity Provider'
  1. Identity Provider
  2. IDP-765

Consent storage key attribute must be released

    XMLWordPrintable

    Details

      Description

      When using an attribute to determine the storage key used to store consent records, if the attribute is not released the storage key will be incorrect, especially when using server-side storage.

      Relevant properties in conf/idp.properties :
      idp.consent.userStorageKey = shibboleth.consent.AttributeConsentStorageKey
      idp.consent.userStorageKeyAttribute = <un-released attribute ID>

      I guess the n.s.idp.consent.logic.AttributeValueLookupFunction could throw an unchecked exception if the attribute does not exist, but we don't want to block SSO, so maybe instead the AbstractConsentStorageAction should "validate" the storage key and return an appropriate Event.

      Using the unfiltered attribute context will help, but not totally eliminate what I guess would be considered a "config issue".

      http://shibboleth.net/pipermail/users/2015-July/022636.html

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              tzeller@shibboleth.net Tom Zeller
              Reporter:
              tzeller@shibboleth.net Tom Zeller
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: