Troubles with idp.authn.LDAP.returnAttributes property
Guillaume Rousse
guillaume.rousse at renater.fr
Thu Oct 3 11:56:03 EDT 2019
On 03/10/2019 at 17:22, Peter Schober wrote:
> * Guillaume Rousse <guillaume.rousse at renater.fr> [2019-10-03 15:39]:
>> According to my understanding of (Spring|Velocity|whatever templating system
>> used) syntax, this should result in a default value of "1.1" for the value
>> attribute, as the idp.authn.LDAP.returnAttribute property is undefined. And
>> according to the documentation (https://wiki.shibboleth.net/confluence/display/IDP30/LDAPAuthnConfiguration),
>> it should result in no attribute fetching at all.
>
> The above documentation doesn't have a "Default" column so maybe it
> doesn't specify the default values the IDP would use if none are
> configured?
> But even then a default would only apply if the property wasn't set,
> but you did set it, only to an empty value?
>
> I may still be misunderstanding this but AFAICT it works as designed:
> You told the IDP to get everything by setting the property to nothing.
> That's LDAP search request attributes for you.
That would be true if ldap-authn-config.xml didn't impose a default
value, i.e.:
<constructor-arg
type="java.lang.String"
value="%{idp.authn.LDAP.returnAttributes}"
/>
However, it is supposed to enforce '1.1' as default value:
<constructor-arg
type="java.lang.String"
value="%{idp.authn.LDAP.returnAttributes:1.1}"
/>
Regards.
--
Guillaume Rousse
Pôle SSI
Tel: +33 1 53 94 20 45
www.renater.fr
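
The placeholder behaviour discussed in this thread, as an added example that is not part of the original message and is not Shibboleth or Spring code: a small Python model of `%{name:default}` resolution, followed by how an LDAP search request treats the resulting attribute selection (RFC 4511). The property file contents are constructed, and the comma-separated splitting and all function names are assumptions made for illustration.

```python
import re

# Spring-style placeholder with the "%{" prefix: %{name} or %{name:default}
PLACEHOLDER = re.compile(r"%\{([^}:]+)(?::([^}]*))?\}")


def load_properties(text):
    """Parse a minimal subset of Java .properties syntax (key = value, # comments)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def resolve(template, props):
    """Substitute placeholders; the default is used only when the key is absent."""
    def substitute(match):
        name, default = match.group(1), match.group(2)
        if name in props:
            return props[name]           # an empty value still counts as "set"
        if default is None:
            raise KeyError(f"unresolvable placeholder: {name}")
        return default
    return PLACEHOLDER.sub(substitute, template)


def requested_attributes(value):
    """Interpret the resolved string as an LDAP attribute selection (RFC 4511)."""
    names = [n.strip() for n in value.split(",") if n.strip()]  # assumed splitting
    if not names:
        return "all user attributes"     # an empty list selects every user attribute
    if names == ["1.1"]:
        return "no attributes"           # OID 1.1 alone selects nothing
    return names


TEMPLATE = "%{idp.authn.LDAP.returnAttributes:1.1}"

# Constructed property file variants: commented out, set to empty, set explicitly
UNDEFINED = "# idp.authn.LDAP.returnAttributes = uid\n"
EMPTY = "idp.authn.LDAP.returnAttributes =\n"
EXPLICIT = "idp.authn.LDAP.returnAttributes = uid, mail\n"


def outcome(properties_text):
    return requested_attributes(resolve(TEMPLATE, load_properties(properties_text)))
```

Calling `outcome()` on each variant shows which attribute selection the authentication search would carry, which is the check to make before assuming that no attributes are fetched.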