Description
When multiple claims handlers return values for a given claim type, the resulting AttributeStatement contains duplicate Attribute elements.
For example, requesting the role claim from two claims handlers might produce the following AttributeStatement:
<saml2:AttributeStatement>
  <saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml2:AttributeValue xsi:type="xsd:string">admin</saml2:AttributeValue>
    <saml2:AttributeValue xsi:type="xsd:string">manager</saml2:AttributeValue>
  </saml2:Attribute>
  <saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml2:AttributeValue xsi:type="xsd:string">viewer</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>
It would be nice to merge these Attribute elements to reduce the size of the assertion:
<saml2:AttributeStatement>
  <saml2:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml2:AttributeValue xsi:type="xsd:string">admin</saml2:AttributeValue>
    <saml2:AttributeValue xsi:type="xsd:string">manager</saml2:AttributeValue>
    <saml2:AttributeValue xsi:type="xsd:string">viewer</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>
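The merge requested above, sketched as an added example (not the project's own code). It assumes attributes are equal only when both Name and NameFormat match, and the third Attribute in the sample (a `uri` NameFormat with the value `auditor`) is constructed to show a case that must stay separate; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
ATTR = f"{{{SAML2}}}Attribute"
VALUE = f"{{{SAML2}}}AttributeValue"
ROLE = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
UNSPEC = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Constructed sample: the duplicate role Attributes from the description,
# plus one role Attribute with a different NameFormat (assumption).
SAMPLE = f"""<saml2:AttributeStatement xmlns:saml2="{SAML2}"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <saml2:Attribute Name="{ROLE}" NameFormat="{UNSPEC}">
    <saml2:AttributeValue xsi:type="xsd:string">admin</saml2:AttributeValue>
    <saml2:AttributeValue xsi:type="xsd:string">manager</saml2:AttributeValue>
  </saml2:Attribute>
  <saml2:Attribute Name="{ROLE}" NameFormat="{UNSPEC}">
    <saml2:AttributeValue xsi:type="xsd:string">viewer</saml2:AttributeValue>
  </saml2:Attribute>
  <saml2:Attribute Name="{ROLE}" NameFormat="{URI}">
    <saml2:AttributeValue xsi:type="xsd:string">auditor</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>"""

def merge_duplicate_attributes(statement):
    """Merge Attribute children that share (Name, NameFormat), in place.

    Must run before the assertion is signed: changing a signed
    assertion invalidates its signature.
    """
    first_seen = {}
    for attr in list(statement.findall(ATTR)):
        key = (attr.get("Name"), attr.get("NameFormat"))
        target = first_seen.setdefault(key, attr)
        if target is attr:
            continue  # first Attribute with this key: keep it as the merge target
        for value in list(attr.findall(VALUE)):
            attr.remove(value)
            target.append(value)  # preserves the handlers' value order
        statement.remove(attr)
    return statement

def values_by_attribute(statement):
    """Return [((Name, NameFormat), [values...]), ...] in document order."""
    return [((a.get("Name"), a.get("NameFormat")),
             [v.text for v in a.findall(VALUE)]) for a in statement.findall(ATTR)]

if __name__ == "__main__":
    print(values_by_attribute(merge_duplicate_attributes(ET.fromstring(SAMPLE))))
```

The tree is inspected rather than re-serialized because ElementTree does not keep a declaration for a prefix such as `xsd` that appears only inside an attribute value like `xsi:type="xsd:string"`.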