GluuFederation/oxShibboleth

Issue on SAML assertion generation attributes like mail,sn,givenname etc is released twice .

MohitMaliFtechiz opened this issue · 3 comments

MohitMaliFtechiz commented

Describe the issue

Issue on SAML assertion generation attributes like mail,sn,givenname etc is released twice .

Steps To Reproduce

Steps to reproduce the behavior:

  1. loging to gluu-server.
  2. go to SAML
  3. Create new Trust Relationship using desire samltestprovider(my case sptest.iamshowcase)
  4. Test saml and check SAML Assertion .

Expected behavior

Assestion must have each attribute value only one time.

Actual behavior

Each attribute value is displayed twice.

Screenshots

samlissue

Desktop (please complete the following information):

  • OS: Ubuntu 18
  • Gluu version 4.2
malotian commented

I acknowledge that its an side effect of 4.0 Upgrade, sample assertion contains duplicate attributes

<saml2:AttributeStatement>
        <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue>User</saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">User</saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue>Admin</saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="givenName" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">Admin</saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue>admin@gluu.ubuntu.nameid.io</saml2:AttributeValue>
        </saml2:Attribute>
        <saml2:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">admin@gluu.ubuntu.nameid.io</saml2:AttributeValue>
        </saml2:Attribute>
    </saml2:AttributeStatement>
malotian commented

Its due to IDP4 Upgrade, But no functional impact as such

refer https://wiki.shibboleth.net/confluence/display/IDP4/ReleaseNotes

—Note that installing from scratch and then applying a legacy configuration will in most cases result in duplicate Attributes appearing in SAML messages due to the overlap between the existing encoders and the new rules. The upgrade process is designed to prevent that by excluding the new rules from the default configuration.—