Encoding attributes with multiple encoders
cantor.2 at osu.edu
Sun Aug 9 14:33:20 EDT 2015
On 8/9/15, 10:50 AM, "users on behalf of Rod Widdowson" <users-bounces at shibboleth.net on behalf of rdw at steadingsoftware.com> wrote:
>> it seems to release only the final encoded attribute.
>From reading the code I would have expected to see the first. But I’ll confirm that that is what the AddAttributeStatementToAssertion actions do (each IdPAttribute gets encoded by a maximum of one encoder).
>I'd defer to Scott as to whether that is correct, although lack of backwards compatibility has always got to be treated with suspicion.
It sounds like a bug, although in practice most cases where this was being done were actually suboptimal. Usually the goal was to encode it differently for a different RP, and so attaching a condition to the encoder might be the better choice here, but I don't think it was intentional that the behavior changed, no.
More information about the users