Set Assertion ENV var when attribute is empty
Tom Noonan
tom at joinroot.com
Thu Mar 14 12:38:13 EDT 2019
Good afternoon:
I'm setting up some custom attribute through SPv3 and running into some
headaches with empty values. Our IdP defaults to empty if an attribute
hasn't been set on a user's profile:
<saml2:Attribute Name="role"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string"/>
</saml2:Attribute>
I currently have the attribute mapped like so:
<Attribute name="role" id="role">
<AttributeDecoder xsi:type="StringAttributeDecoder"
caseSensitive="false"/>
</Attribute>
The issue I'm seeing is that when the value is blank from the IdP the SP
omits the attribute. If I go to Shibboleth.sso/Session in my browser the
assertion isn't listed under attributes. I'd prefer to have it set with
the empty string rather than be omitted, reason being that right now I
can't tell if the attribute is omitted because it's blank in the user's
profile or if it's omitted because of a configuration error. Is it
possible to set the attribute to the empty string if the attribute value in
the assertion is empty?
--Tom Noonan II
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190314/8c4674d0/attachment.html>
More information about the users
mailing list