OPENAM-15198

WS-FED Attribute Mapper returns incorrect map when AM is SP

    Details

    • Sprint:
      AM Sustaining Sprint 65
    • Needs backport:
      Yes
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes, and I used the same as in the description

      Description

      In this case, the WS-FED SP never uses the local attribute name; instead it always returns a map made of the claim's attribute name and the claim's value.

      In com.sun.identity.wsfederation.plugins.DefaultSPAttributeMapper.getAttributes(), line 107, the code currently reads:

      String attributeName = ((Attribute) attribute).getAttributeName();
      String localAttribute = configMap.get(attributeName);
      if (StringUtils.isNotEmpty(localAttribute)) {
          localAttribute = attributeName;
      }

      In comparison to:

      String attributeName = ((Attribute) attribute).getAttributeName();
      String localAttribute = configMap.get(attributeName);
      if (StringUtils.isEmpty(localAttribute)) {
          localAttribute = attributeName;
      }

      For example, if the Attribute Mapping Email = upn is configured and AM, acting as a WS-FED SP, receives Email = user@mail.com, then DefaultSPAttributeMapper.getAttributes() returns a map where Email = user@mail.com, while upn = user@mail.com is expected.

      Following: https://bugster.forgerock.org/jira/browse/OPENAM-11312

      The original problem covers AM as IDP with a remote SP; the current case is AM as SP, which was not covered in the test cases for the fix. Looking back at the code changes, this logic does appear to be inverted compared to the original:

      if (localAttribute == null || localAttribute.length() == 0) {

      if (StringUtils.isNotEmpty(localAttribute)) {
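
The inverted check and the corrected one, run against the Email = upn mapping from the description. This is an added example, not OpenAM source code: the class SpAttributeMappingCheck, the resolve and isEmpty helpers, and the Group claim are hypothetical, and only the name-resolution step is modelled.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration: simplified model of the name-resolution step only.
// Not the OpenAM source; class and method names are hypothetical.
public class SpAttributeMappingCheck {

    // Stand-in for the StringUtils.isEmpty check quoted in the issue.
    static boolean isEmpty(String s) {
        return s == null || s.isEmpty();
    }

    // configMap: claim name -> local attribute name (e.g. Email -> upn).
    // inverted=true reproduces the isNotEmpty condition from the report.
    static Map<String, String> resolve(Map<String, String> configMap,
            Map<String, String> claims, boolean inverted) {
        Map<String, String> result = new LinkedHashMap<>();
        for (Map.Entry<String, String> claim : claims.entrySet()) {
            String attributeName = claim.getKey();
            String localAttribute = configMap.get(attributeName);
            boolean fallBack = inverted ? !isEmpty(localAttribute)
                                        : isEmpty(localAttribute);
            if (fallBack) {
                localAttribute = attributeName;
            }
            result.put(localAttribute, claim.getValue());
        }
        return result;
    }

    public static void main(String[] args) {
        Map<String, String> configMap = Map.of("Email", "upn");
        // Constructed sample claims: one mapped, one unmapped.
        Map<String, String> claims = new LinkedHashMap<>();
        claims.put("Email", "user@mail.com");
        claims.put("Group", "staff");
        Map<String, String> fixed = resolve(configMap, claims, false);
        Map<String, String> buggy = resolve(configMap, claims, true);
        // In this model the inverted check leaves the unmapped claim under a
        // null key; the page does not show what the real mapper does with it.
        System.out.println("isEmpty check:    " + fixed);
        System.out.println("isNotEmpty check: " + buggy);

        // The SP-side expectation from the report: upn, not Email.
        if (!"user@mail.com".equals(fixed.get("upn")) || buggy.containsKey("upn")) {
            throw new AssertionError("mapped claim must be returned as upn");
        }
    }
}
```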

              People

              • Assignee:
                markdr Mark de Reeper
                Reporter:
                alex.belovski Alex Belovski