  1. Identity Provider
  2. IDP-785

Behavior with multiple attribute-encoders on an attribute inconsistent with v2


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.1.2
    • Fix Version/s: 3.2.0
    • Component/s: Attribute Resolver
    • Labels:
      None
    • Environment:

      [root@0e81766e9168 /]# java -version
      java version "1.8.0_45"
      Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
      Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)

      Description

      In v2 I used to specify multiple encoders on an attribute. What I believed was happening was that each encoder would result in the attribute being published in the assertion multiple times (once per encoder). I'm not 100% sure that was what really was happening anymore, but at a minimum what was happening was the FIRST encoder listed was what got put into the assertion. In IdPv3 what I'm seeing is the LAST encoder on the attribute is what is making it into the assertion. Here is an example from my environment:

      <resolver:AttributeDefinition id="ucStudentID" xsi:type="Simple" xmlns="urn:mace:shibboleth:2.0:resolver:ad"
                                    sourceAttributeID="ucStudentID">
          <resolver:Dependency ref="directory"/>

          <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                     name="urn:oid:1.3.6.1.4.1.30729.2.2.1.6.1" friendlyName="cs_cust_id"/>

          <resolver:AttributeEncoder xsi:type="SAML1String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                     name="urn:mace:dir:attribute-def:ucStudentID"/>

          <resolver:AttributeEncoder xsi:type="SAML2String" xmlns="urn:mace:shibboleth:2.0:attribute:encoder"
                                     name="1.3.6.1.4.1.9902.2.1.1" friendlyName="ucStudentID"/>
      </resolver:AttributeDefinition>

      Aside from possibly making it clearer in the docs what happens with multiple attribute encoders, I'd like to request that the behavior I thought was happening (each encoder causes the attribute to be expressed multiple times encoded as applied in a single assertion) be written.
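
      A check for the situation described in the report, as an added example (not code from the reporter or the Shibboleth project): it finds attribute definitions that carry more than one encoder for the same SAML version and reports the first and last encoder names, the two candidates the report contrasts between v2 and 3.1.2. The wrapper element, the namespace URIs on it, and the function names are assumptions; the sample is constructed from the definition above with the per-element default xmlns declarations omitted.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: the report's definition inside an assumed wrapper element
# that declares the prefixes (a real resolver file declares them on its root).
SAMPLE = """<resolver:AttributeResolver
    xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <resolver:AttributeDefinition id="ucStudentID" xsi:type="Simple" sourceAttributeID="ucStudentID">
    <resolver:Dependency ref="directory"/>
    <resolver:AttributeEncoder xsi:type="SAML2String"
        name="urn:oid:1.3.6.1.4.1.30729.2.2.1.6.1" friendlyName="cs_cust_id"/>
    <resolver:AttributeEncoder xsi:type="SAML1String"
        name="urn:mace:dir:attribute-def:ucStudentID"/>
    <resolver:AttributeEncoder xsi:type="SAML2String"
        name="1.3.6.1.4.1.9902.2.1.1" friendlyName="ucStudentID"/>
  </resolver:AttributeDefinition>
</resolver:AttributeResolver>"""

def local(tag):
    """Strip the '{namespace}' part so matching works whatever prefix is used."""
    return tag.rsplit("}", 1)[-1]

def encoders_by_protocol(xml_text):
    """Map attribute id -> {protocol: [encoder names in document order]}."""
    result = {}
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "AttributeDefinition":
            continue
        per_proto = defaultdict(list)
        for child in elem:
            if local(child.tag) != "AttributeEncoder":
                continue
            enc_type = child.get(XSI_TYPE, "").split(":")[-1]  # drop any type prefix
            proto = enc_type[:5] if enc_type.startswith("SAML") else "other"
            per_proto[proto].append(child.get("name"))
        result[elem.get("id")] = dict(per_proto)
    return result

def ambiguous(xml_text):
    """List (attribute id, protocol, first name, last name) where >1 encoder competes."""
    return [(attr_id, proto, names[0], names[-1])
            for attr_id, protos in encoders_by_protocol(xml_text).items()
            for proto, names in protos.items() if len(names) > 1]

if __name__ == "__main__":
    for attr_id, proto, first, last in ambiguous(SAMPLE):
        print(f"{attr_id} [{proto}]: first listed = {first}, last listed = {last}")
```
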

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            davel@uchicago.edu davel@uchicago.edu
            Watchers:
            3


                Time Tracking

                Estimated: Not Specified
                Remaining: 0m
                Logged: 30m