[OPENAM-11474] Custom IDP Attribute mappers may cause failures after upgrade Created: 03/Aug/17 Updated: 24/Aug/20
|Affects Version/s:||13.5.1, 14.0.0, 14.1.0|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Support Ticket IDs:|
After upgrading from 13.5.0 -> 13.5.1 and likely 14.0 it is possible that user extended libraries from DefaultLibraryIDPAttribytMappers. The reason is some of the internal of the these classes changed and in fact the it possible that
1) Old implemenation fails to run
May need to document or release note this or put by the old interface to 13.5.1/14.0.0 for old code
1. Extend a custom adapter from DefaultLibraryIDPAttributeMapper with no implementation, So then there is no profile data for this
2. Create a SAML federation (one IDP and SP)
3. Create some profile mapping from IDP (say uid. and mail)
4. Enable Federation debug. Do a SAML federation can check the SAML
5. Now change the IDP Attribute mapper to the DummyAttributeMapper
All the SAML attributes is sent in the Authn response.
User profile attributes is missing.
Revisit all the old code that implements or extends from the SAML DefaultLibraryIDPAttributeMapper. and change code.
Should DefaultLibraryIDPAttributeMapper be relocated under openam-federation-library
|Comment by Chris Lee [ 16/Apr/18 ]|
Hi Jonathan, I'll loop Gene Hirayama in, the Sustaining Docs Lead. One for the next 13/14 releases Gene?
|Comment by Jonathan Thomas [ 15/Nov/19 ]|
The issue here was highlighting that the change in method name from isDynamicalOrIgnoredProfile to isIgnoreProfile may cause problems on upgrade.
One way to help avoid this, or at least make it more manageable, is to extend from DefaultIDPAttributeMapper, not DefaultLibraryIDPAttributeMapper as this has a correctly.
We should endure that documentation is in line with this as well.