Why doesn't the package support multiple NameFormat attributes for the <saml:Attribute> element?
khan-zia opened this issue · 3 comments
Description of the problem
I came across this situation today where I need to be able to allow users to add multiple Attribute Statements to their custom SAML integration with our IDP. For each additional attribute statement, I need to allow the user to be able to set the following:
- Name (that will be the Name attribute)
- NameFormat (That will be the NameFormat attribute)
- Value (That will be the value that goes into the <saml:AttributeValue> element)
When I took a look at how I could construct the SAMLResponse message for the user's custom SAML integration, I could see no (at least apparent) way to be able to set the NameFormat INDIVIDUALLY on each user defined Attribute Statement.
I see a setter method on the SAML2\Assertion class that looks like this
$this->assertion->setAttributeNameFormat('');
But that method clearly says that it will set the NameFormat for ALL attribute statements. (Those that are all set via an associative array at once). This is not the desired functionality. I dug out the following code block from the SAML2\Assertion class which confirms it. Take a look at this screenshot.
It clearly sets the same NameFormat inside the foreach loop for all statements.
Desired result (solution)
Take a look at the following XML that was generated via a tool which shows the output that I also want.
<saml2:AttributeStatement>
  <saml2:Attribute Name="first" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml2:AttributeValue
      xmlns:xs="http://www.w3.org/2001/XMLSchema"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value1
    </saml2:AttributeValue>
  </saml2:Attribute>
  <saml2:Attribute Name="second" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
    <saml2:AttributeValue
      xmlns:xs="http://www.w3.org/2001/XMLSchema"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value2
    </saml2:AttributeValue>
  </saml2:Attribute>
  <saml2:Attribute Name="third" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml2:AttributeValue
      xmlns:xs="http://www.w3.org/2001/XMLSchema"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">value3
    </saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>
As you can see, the NameFormats for all 3 statements are different. How could I achieve this desired XML output (SAMLResponse message)? Any help will be greatly appreciated.
Hi @khan-zia! We are aware of this issue and have fixed this in the master-branch. It's not ready for release yet though.
Thanks @tvdijen for the quick response. Will it be included in the next version? When can we expect the release?
Yes, it will be included. We don't have a date yet. Probably early next year.
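Added example, not from the issue thread and not the package's own code: one way to produce the XML requested above with a NameFormat per attribute, using PHP's built-in DOM extension rather than the SAML2\Assertion class. The function name, the input array shape, and the restriction to the three NameFormat URIs shown in the issue are assumptions; because names and values are supplied by integration users, they are written through DOM calls that escape them instead of being concatenated into a string.

```php
<?php
declare(strict_types=1);

// Added example; hypothetical names, does not call the SAML2 package.
const NS_SAML  = 'urn:oasis:names:tc:SAML:2.0:assertion';
const NS_XSI   = 'http://www.w3.org/2001/XMLSchema-instance';
const NS_XS    = 'http://www.w3.org/2001/XMLSchema';
const NS_XMLNS = 'http://www.w3.org/2000/xmlns/';
const FORMAT_PREFIX = 'urn:oasis:names:tc:SAML:2.0:attrname-format:';
// Assumption: only the three formats shown in the issue are accepted.
const ALLOWED_FORMATS = ['unspecified', 'uri', 'basic'];

/** @param array<int, array{name: string, format: string, value: string}> $attributes */
function buildAttributeStatement(array $attributes): string
{
    $doc = new DOMDocument('1.0', 'UTF-8');
    $statement = $doc->createElementNS(NS_SAML, 'saml2:AttributeStatement');
    $doc->appendChild($statement);

    foreach ($attributes as $a) {
        // Reject anything outside the allowlist instead of echoing it into the assertion.
        if (!in_array($a['format'], ALLOWED_FORMATS, true)) {
            throw new InvalidArgumentException('Unsupported NameFormat');
        }
        if ($a['name'] === '') {
            throw new InvalidArgumentException('Attribute Name must not be empty');
        }
        $attr = $doc->createElementNS(NS_SAML, 'saml2:Attribute');
        // setAttribute() and createTextNode() escape markup, so user input stays data.
        $attr->setAttribute('Name', $a['name']);
        $attr->setAttribute('NameFormat', FORMAT_PREFIX . $a['format']);

        $value = $doc->createElementNS(NS_SAML, 'saml2:AttributeValue');
        $value->setAttributeNS(NS_XMLNS, 'xmlns:xs', NS_XS);      // declares the xs prefix
        $value->setAttributeNS(NS_XSI, 'xsi:type', 'xs:string');  // declares xsi as needed
        $value->appendChild($doc->createTextNode($a['value']));

        $attr->appendChild($value);
        $statement->appendChild($attr);
    }
    return $doc->saveXML($statement);
}

// Constructed sample input; the third value contains markup to show it is escaped.
echo buildAttributeStatement([
    ['name' => 'first',  'format' => 'unspecified', 'value' => 'value1'],
    ['name' => 'second', 'format' => 'uri',         'value' => 'value2'],
    ['name' => 'third',  'format' => 'basic',       'value' => '<b>value3</b> & more'],
]), PHP_EOL;
```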