Encoding attributes with multiple encoders

Cantor, Scott cantor.2 at osu.edu
Sun Aug 9 14:33:20 EDT 2015

On 8/9/15, 10:50 AM, "users on behalf of Rod Widdowson" <users-bounces at shibboleth.net on behalf of rdw at steadingsoftware.com> wrote:

>> it seems to release only the final encoded attribute.  
>From reading the code I would have expected to see the first. But I’ll confirm that that is what the AddAttributeStatementToAssertion actions do (each IdPAttribute gets encoded by a maximum of one encoder).  
>I'd defer to Scott as to whether that is correct, although lack of backwards compatibility has always got to be treated with suspicion.

It sounds like a bug, although in practice most cases where this was being done were actually suboptimal. Usually the goal was to encode it differently for a different RP, and so attaching a condition to the encoder might be the better choice here, but I don't think it was intentional that the behavior changed, no.

-- Scott


More information about the users mailing list