Bug #6378

SAML attribute with the same value should be collapsed

Added by Benjamin Dauvergne over 4 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
High
Category:
SAML
Target version:
Start date:
29 Jan 2015
Due date:
% Done:

100%

Patch proposed:
Yes
Planning:
No

Description

Actually if two attribute rules provide the same value for the same attribute, it's encoded two times in the assertion but only one occurrence should be kept.

Ex.: extract uid from the Django username attribute or the LDAP uid attribute, if they are the same, keep only one.

0001-idp-saml-collapse-attribute-values.patch (2.07 KB) Benjamin Dauvergne, 31 Mar 2015 09:31 AM

Associated revisions

Revision 6ceeff92 (diff)
Added by Benjamin Dauvergne over 4 years ago

idp/saml: collapse attribute values (fixes #6378)

If two AttributeValue for the same value, name and name format would be
created, we skip its creation. It allows to configure attributes for
django_user_username and LDAP uid at the same time without getting two times
the same value, as LDAP users also expose the Django user attributes.

Revision bb1788a1 (diff)
Added by Benjamin Dauvergne over 4 years ago

idp/saml: collapse attribute values (fixes #6378)

Continuation of commit 6ceeff9.

Previous patch was too simple, this one removes any lasso specialization
in the SAMLAttribute model. The method to_lasso_attribute was renamed
to_tuples, it now returns tuples made of the name, the name format, a
friendly name or None and a value. Lasso specifics are now completely in
the add_attributes() function of the saml2_endpoints module.

Tuples are aggregated around their lasso.Attribute target in a
dictionary indexed by name and name_format. The dictionary is
initialized using attributes already present in the assertion, for retro
compatibility with attribute aggregator until its removal. Only values
having a unique MiscTextNode with textChild equal to true are
considered.
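
The aggregation described in the commit message above, shown as an added example in plain Python; it is not the project's code and uses no lasso objects. The function name `collapse_attributes`, the dictionary layout and the sample tuples are assumptions made for illustration; it also accepts list or tuple values, since a rule can be multivalued.

```python
from collections import OrderedDict


def collapse_attributes(tuples, existing=()):
    """Aggregate (name, name_format, friendly_name, value) tuples.

    Returns an OrderedDict keyed by (name, name_format); each entry holds a
    friendly name and the list of distinct values in first-seen order.
    `existing` carries attributes already present in the assertion.
    """
    attributes = OrderedDict()

    def add(name, name_format, friendly_name, value):
        entry = attributes.setdefault(
            (name, name_format), {"friendly_name": None, "values": []})
        # Keep the first non-empty friendly name seen for this attribute.
        if entry["friendly_name"] is None and friendly_name:
            entry["friendly_name"] = friendly_name
        # A rule may yield one value or several; treat both uniformly.
        values = value if isinstance(value, (list, tuple)) else [value]
        for v in values:
            # Skip empty values and values already emitted for this key.
            if v is not None and v not in entry["values"]:
                entry["values"].append(v)

    for item in existing:
        add(*item)
    for item in tuples:
        add(*item)
    return attributes


# Constructed sample: the Django username rule and the LDAP uid rule both
# feed the "uid" attribute with the same value.
URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
SAMPLE = [
    ("uid", BASIC, "uid", "jdoe"),   # from django_user_username
    ("uid", BASIC, None, "jdoe"),    # from LDAP uid, duplicate value
    ("mail", BASIC, "mail", ["jdoe@example.org", "j.doe@example.org"]),
    ("mail", BASIC, None, "jdoe@example.org"),
    ("uid", URI, None, "jdoe"),      # other name format: kept apart
]

if __name__ == "__main__":
    for (name, fmt), entry in collapse_attributes(SAMPLE).items():
        print(name, fmt, entry["friendly_name"], entry["values"])
```
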

History

#1 Updated by Benjamin Dauvergne over 4 years ago

  • Category set to SAML

#2 Updated by Benjamin Dauvergne over 4 years ago

  • Assignee set to Benjamin Dauvergne
  • Priority changed from Normal to High

#3 Updated by Benjamin Dauvergne over 4 years ago

  • Target version set to future

#4 Updated by Benjamin Dauvergne over 4 years ago

  • Target version changed from future to 2.1.12

#5 Updated by Benjamin Dauvergne over 4 years ago

  • Target version changed from 2.1.12 to 2.1.13

#6 Updated by Benjamin Dauvergne over 4 years ago

  • Target version changed from 2.1.13 to 2.2.0

#7 Updated by Benjamin Dauvergne over 4 years ago

#8 Updated by Benjamin Dauvergne over 4 years ago

Commit log:

commit 6ccb53530f6a9033bcb1dc7ae48e68b4f9698407
Author: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date:   Tue Mar 31 09:28:45 2015 +0200

    idp/saml: collapse attribute values

    If two AttributeValue for the same value, name and name format would be
    created, we skip its creation. It allows to configure attributes for
    django_user_username and LDAP uid at the same without getting two times
    the same value, as LDAP users also expose the Django user attributes.

#9 Updated by Benjamin Dauvergne over 4 years ago

  • % Done changed from 0 to 100
  • Status changed from New to Resolved (to be deployed)

#10 Updated by Benjamin Dauvergne over 4 years ago

  • Status changed from Resolved (to be deployed) to New

Patch is buggy as value can be multivalued.

#11 Updated by Benjamin Dauvergne over 4 years ago

  • Status changed from New to Resolved (to be deployed)

#12 Updated by Benjamin Dauvergne over 4 years ago

  • Status changed from Resolved (to be deployed) to Solution deployed

#13 Updated by Benjamin Dauvergne over 4 years ago

  • Status changed from Solution deployed to Resolved (to be deployed)

#14 Updated by Benjamin Dauvergne over 3 years ago

  • Status changed from Resolved (to be deployed) to Solution deployed

#15 Updated by Benjamin Dauvergne over 1 year ago

  • Status changed from Solution deployed to Closed
