[CXF-6372] Generating distinct claim values for multi-value LDAP attributes - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.0.4
Fix Version/s: 3.1
Component/s: STS
Labels:
None

Estimated Complexity:
Unknown

Description

The LDAP claim handler generates only a single value element for a claim with delimited values, even thou a claim also supports multiple distinct values.

This task is about to improve this behavior.

Old behavior sample: memberOf attribute from LDAP would be generated like this in the SAML token:

<saml2:AttributeStatement>
	<saml2:Attribute Name=".../05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
		<saml2:AttributeValue xsi:type="xs:string">admin;user;manager</saml2:AttributeValue>
	</saml2:Attribute>
</saml2:AttributeStatement>

New behavior sample: memberOf attribute from LDAP would be generated like this in the SAML token:

<saml2:AttributeStatement>
	<saml2:Attribute Name=".../05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
		<saml2:AttributeValue xsi:type="xs:string">admin</saml2:AttributeValue>
		<saml2:AttributeValue xsi:type="xs:string">user</saml2:AttributeValue>
		<saml2:AttributeValue xsi:type="xs:string">manager</saml2:AttributeValue>
	</saml2:Attribute>
</saml2:AttributeStatement>

Attachments

Issue Links

is related to

CXF-4543 Encode multi value claims as multi-value saml attribute

Closed

Activity

People

Assignee:: Jan Bernhardt

Reporter:: Jan Bernhardt

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 24/Apr/15 15:06

Updated:: 21/Oct/16 18:46

Resolved:: 28/Apr/15 07:16