[OPENAM-9143] SAML IdP attribute mappers should work with profile attributes even when the user profile mode is set to dynamic Created: 17/Jun/16  Updated: 19/May/17  Resolved: 03/Aug/16

Status: Resolved
Project: OpenAM
Component/s: SAML
Affects Version/s: 11.0.0, 12.0.0, 13.0.0, 13.5.0
Fix Version/s: 12.0.4, 13.5.1, 14.0.0

Type: Bug Priority: Major
Reporter: Peter Major [X] (Inactive) Assignee: Mark de Reeper
Resolution: Fixed Votes: 0
Labels: EDISON, test-candidate
Remaining Estimate: 0h
Time Spent: 3h
Original Estimate: 3h

Issue Links:
Duplicate
is duplicated by OPENAM-8226 the default IdP Attribute Mapper shou... Resolved
Target Version/s:
Sprint: AM Sustaining Sprint 25
Support Ticket IDs:
QA Assignee: Filip Kubáň [X] (Inactive)
Verified Version/s:

 Description   

The out of the box SAML IdP Attribute Mapper implementation does not map profile attributes when the user profile mode has been configured to Dynamic or Dynamic with Alias mode. Since the point of the Dynamic profile mode is to ensure that a profile gets successfully created at the time of the authentication, it would perfectly reasonable for the SAML AttributeMapper to just simply map the attributes coming from the freshly created user account (or even from the old account that was previously dynamically created).



 Comments   
Comment by Filip Kubáň [X] (Inactive) [ 21/Sep/16 ]

Verified fix on: OpenAM 12.0.4-RC3 Build 7d21528d51 (2016-September-06 15:25)

Comment by Andrew Vinall [ 15/May/17 ]

Verified as working in OpenAM 13.5.1-RC2 Build 149fc42dac (2017-April-20 08:29)
Reproduced in OpenAM 13.5.0 Build 550cfe7d60 (2016-July-13 08:43)

Steps:

  • Set IdP User Profile to Dynamic
  • Perform auto-federation

Observed:

  • In 13.5.0 auto-federation failed
  • In 13.5.1 auto-gederation succedded
Generated at Thu Sep 24 15:21:51 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.