Uploaded image for project: 'Identity Gateway'
  1. Identity Gateway
  2. OPENIG-98

Support multiple values under same attribute name from SAML response

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.0
    • Fix Version/s: 5.0.0
    • Component/s: SAML
    • Environment:
      Redhat Linux, Tomcat 7, java 6
    • Support Ticket IDs:

      Description

      The function is not supported in the code.
      From a valid SAML response, one attribute can contain multiple values. For example:

      <Attribute xmlns:a="http://schemas.xmlsoap.org/ws/2009/09/identity/claims"
                 Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
                 a:OriginalIssuer="http://domain.name.com/adfs/services/trust">
          <AttributeValue>role1</AttributeValue>
          <AttributeValue>role2</AttributeValue>
      </Attribute>
      

      Suggestion:

      1. capable of mapping the values to a delimited string in session, pass the delimiter through JSON configuration
      2. capable of mapping the values to a List<String> in session, so that the list can be sent via headers or form fields in Handler (does EL support that now?)

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                markdr Mark de Reeper
                Reporter:
                kello kello [X] (Inactive)
              • Votes:
                1 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: