Posted to issues@cxf.apache.org by "Jan Bernhardt (JIRA)" <ji...@apache.org> on 2015/04/24 17:06:39 UTC
[jira] [Created] (CXF-6372) Generating distinct claim values for multi-value LDAP attributes
Jan Bernhardt created CXF-6372:
----------------------------------
Summary: Generating distinct claim values for multi-value LDAP attributes
Key: CXF-6372
URL: https://issues.apache.org/jira/browse/CXF-6372
Project: CXF
Issue Type: Improvement
Components: STS
Reporter: Jan Bernhardt
Assignee: Jan Bernhardt
Priority: Minor
Fix For: 3.1.0
The LDAP claim handler generates only a single value element for a claim with delimited values, even though a claim also supports multiple distinct values.
This task is about improving this behavior.
Old behavior sample: {{memberOf}} attribute from LDAP would be generated like this in the SAML token:
{code}
<saml2:AttributeStatement>
  <saml2:Attribute Name=".../05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml2:AttributeValue xsi:type="xs:string">admin;user;manager</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>
{code}
New behavior sample: {{memberOf}} attribute from LDAP would be generated like this in the SAML token:
{code}
<saml2:AttributeStatement>
  <saml2:Attribute Name=".../05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml2:AttributeValue xsi:type="xs:string">admin</saml2:AttributeValue>
    <saml2:AttributeValue xsi:type="xs:string">user</saml2:AttributeValue>
    <saml2:AttributeValue xsi:type="xs:string">manager</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
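
Added example, not part of the original message and not CXF code: a Python sketch of the old and new encodings described in the ticket, and of how a relying party's exact-match role check behaves against each. The claim URI, the function names and the rule of skipping empty entries are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("saml2", SAML2)

# Constructed placeholder: the ticket elides the real claim URI prefix.
ROLE_CLAIM = "urn:example:claims/role"


def build_attribute(name, raw_values, delimiter=None):
    """Build a saml2:Attribute from raw LDAP attribute values.

    delimiter=None mirrors the old behaviour: each raw value is emitted
    as one AttributeValue, delimiters included. With a delimiter, each
    raw value is split into separate AttributeValue elements (empty
    entries are skipped, an assumption of this sketch).
    xsi:type is omitted to keep the fragment short.
    """
    attr = ET.Element(f"{{{SAML2}}}Attribute", {"Name": name})
    for raw in raw_values:
        parts = raw.split(delimiter) if delimiter else [raw]
        for part in (p.strip() for p in parts):
            if part:
                ET.SubElement(attr, f"{{{SAML2}}}AttributeValue").text = part
    return attr


def claim_values(attr):
    """Return the text of every AttributeValue, as a relying party reads it."""
    return [v.text for v in attr.findall(f"{{{SAML2}}}AttributeValue")]


def has_role(attr, role):
    """Exact match on distinct values: no delimiter parsing at the consumer."""
    return role in claim_values(attr)


if __name__ == "__main__":
    ldap_value = ["admin;user;manager"]  # constructed sample from the ticket
    old = build_attribute(ROLE_CLAIM, ldap_value)
    new = build_attribute(ROLE_CLAIM, ldap_value, delimiter=";")
    for label, attr in (("old", old), ("new", new)):
        print(label, ET.tostring(attr, encoding="unicode"))
        print(label, "has_role(admin) =", has_role(attr, "admin"))
```

With the old encoding the consumer has to know the delimiter and split the value itself before any role comparison is reliable; with the new encoding an exact comparison per AttributeValue is enough.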