  1. Identity Provider
  2. IDP-835

Duplicate Attribute Values in CAS /samlValidate Response


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: 3.1.1, 3.1.2
    • Fix Version/s: 3.2.0
    • Component/s: CAS
    • Labels:
      None

      Description

      Attribute values are duplicated in the SAML 1.1 response delivered at /samlValidate; each saml1:Attribute below carries two identical saml1:AttributeValue elements:

      <?xml version="1.0" encoding="UTF-8"?>
      <!-- Sample SOAP 1.1 envelope wrapping the SAML 1.1 Response returned by /samlValidate, as captured for this report.
           Each of the three attributes (uid, mail, eduPersonPrincipalName) appears with the same value twice. -->
      <soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
          <soap11:Body>
              <saml1p:Response MajorVersion="1" MinorVersion="1" xmlns:saml1p="urn:oasis:names:tc:SAML:1.0:protocol">
                  <saml1p:Status>
                      <saml1p:StatusCode Value="saml1p:Success"/>
                  </saml1p:Status>
                  <!-- NOTE(review): no signature element is present on the Response or the Assertion in this sample.
                       If that matches the real output, a consumer has only the transport to /samlValidate to rely on
                       for integrity, so that call should be made over verified TLS. The sample may have been trimmed; confirm. -->
                  <saml1:Assertion AssertionID="_3b8cd64f90a7bd5b5bf474d79bd02b56" IssueInstant="2015-10-21T12:20:54.635Z"
                                   Issuer="https://idp.example.org" MajorVersion="1" MinorVersion="1"
                                   xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion">
                      <!-- Validity window is 60 seconds (NotBefore to NotOnOrAfter) and is limited to a single audience;
                           a consumer should enforce both the time bounds and the audience match before trusting the attributes. -->
                      <saml1:Conditions NotBefore="2015-10-21T12:20:54.635Z" NotOnOrAfter="2015-10-21T12:21:54.635Z">
                          <saml1:AudienceRestrictionCondition>
                              <saml1:Audience>https://test.example.org/</saml1:Audience>
                          </saml1:AudienceRestrictionCondition>
                      </saml1:Conditions>
                      <saml1:AuthenticationStatement AuthenticationInstant="2015-10-21T12:20:54.635Z"
                                                     AuthenticationMethod="authn/Password">
                          <saml1:Subject>
                              <saml1:NameIdentifier>john</saml1:NameIdentifier>
                              <saml1:SubjectConfirmation>
                                  <saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</saml1:ConfirmationMethod>
                              </saml1:SubjectConfirmation>
                          </saml1:Subject>
                      </saml1:AuthenticationStatement>
                      <!-- The reported defect is in this statement: every Attribute has two AttributeValue children with
                           identical text. A consumer that maps attributes to multi-valued lists would presumably see each
                           value twice; code that makes authorization decisions on value counts or single-value lookups
                           should de-duplicate or reject unexpected multiplicity. -->
                      <saml1:AttributeStatement>
                          <saml1:Subject>
                              <saml1:NameIdentifier>john</saml1:NameIdentifier>
                              <saml1:SubjectConfirmation>
                                  <saml1:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</saml1:ConfirmationMethod>
                              </saml1:SubjectConfirmation>
                          </saml1:Subject>
                          <!-- NOTE(review): as printed, each value is followed by a line break and indentation before the
                               closing tag. This is probably a pretty-printing artifact of the report; if it is in the wire
                               format, consumers comparing values exactly would need to trim. Confirm against raw output. -->
                          <saml1:Attribute AttributeName="uid" AttributeNamespace="http://www.ja-sig.org/products/cas/">
                              <saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                                    xsi:type="xsd:string">john
                              </saml1:AttributeValue>
                              <saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                                    xsi:type="xsd:string">john
                              </saml1:AttributeValue>
                          </saml1:Attribute>
                          <saml1:Attribute AttributeName="mail" AttributeNamespace="http://www.ja-sig.org/products/cas/">
                              <saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                                    xsi:type="xsd:string">john@example.org
                              </saml1:AttributeValue>
                              <saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                                    xsi:type="xsd:string">john@example.org
                              </saml1:AttributeValue>
                          </saml1:Attribute>
                          <saml1:Attribute AttributeName="eduPersonPrincipalName"
                                           AttributeNamespace="http://www.ja-sig.org/products/cas/">
                              <saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                                    xsi:type="xsd:string">john
                              </saml1:AttributeValue>
                              <saml1:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                                                    xsi:type="xsd:string">john
                              </saml1:AttributeValue>
                          </saml1:Attribute>
                      </saml1:AttributeStatement>
                  </saml1:Assertion>
              </saml1p:Response>
          </soap11:Body>
      </soap11:Envelope>
      


            People

            Assignee:
            serac@vt.edu Marvin S Addison
            Reporter:
            serac@vt.edu Marvin S Addison
