Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-8226

the default IdP Attribute Mapper should read attributes from data store or SSO session regardless the setting of the 'profile' property in core auth service

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 10.0.0, 10.0.1, 10.1.0-Xpress, 10.0.2, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 12.0.0, 12.0.1, 12.0.2, 13.0.0
    • Fix Version/s: None
    • Component/s: SAML
    • Labels:
      None
    • Support Ticket IDs:

      Description

      currently the provided IdP Attribute Mapper only retrieves attributes from the data store or SSO session, when the if the setting of attribute iplanet-am-auth-dynamic-profile-creation of the iPlanetAMAuthService is not set to true , createAlias or ignore .

      This behavior causes people to create their own custom attribute mapper.

      However there is no obvious reason why the attribute mapper should not try to read attribute in all cases.

      Code in question:

      com.sun.identity.saml2.plugins.DefaultLibraryIDPAttributeMapper.java
          /**
           * Returns list of SAML <code>Attribute</code> objects for the 
           * IDP framework to insert into the generated <code>Assertion</code>.
           * 
           * @param session Single sign-on session.
           * @param hostEntityID <code>EntityID</code> of the hosted entity.
           * @param remoteEntityID <code>EntityID</code> of the remote entity.
           * @param realm name of the realm.
           * @exception SAML2Exception if any failure.
           */
          public List getAttributes(Object session, String hostEntityID, String remoteEntityID, String realm)
                  throws SAML2Exception {
      ...
                  if (!isDynamicalOrIgnoredProfile(realm)) {
                      try {
                          // Resolve attributes to be read from the datastore.
                          Set<String> stringAttributes = new HashSet<String>(configMap.size());
                          Set<String> binaryAttributes = new HashSet<String>(configMap.size());
                          for (String localAttribute : configMap.values()) {
      ...
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                peter.major Peter Major [X] (Inactive)
                Reporter:
                bthalmayr Bernhard Thalmayr
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: