Null/Empty value encoding support for requested attribute (ref. saml-core-2.0 spec par. 126.96.36.199.1)
cantor.2 at osu.edu
Thu Sep 19 08:30:56 EDT 2019
On 9/19/19, 5:42 AM, "users on behalf of Diego Pietralunga" <users-bounces at shibboleth.net on behalf of diego.pietralunga at lepida.it> wrote:
> 1) Am I correct that Shibboleth IDP does not support this? If so, why?
I don't think it does and "why" is that it's a bad idea to start making weird distinctions like this, not handled by most SPs if we did, and nobody has asked.
> 2) Am I correct that this should be handled by an Encoder *only*, or
> there may be other things to take care of?
Attributes with zero values are gone by then. Attributes with null or empty values I think will still be present and available to an encoder if one chose to do something with them.
> 3) In case there is no direct IDP support (or viable workarounds) and we
> fulfill the requirement, should this be done by implementing some
> kind of... "Saml2NilFriendlyStringEncoder" and try to configure it to
> handle xsi:type="SAML2String" ?
If something isn't supported, then there has not been sufficient thought to answer a design question with a yes or no.
If you're a GARR member, they can file a request for support on your behalf or give you the ability to get support under that mechanism. I can't spend time for free to start diving into something like that.
> Can you give some suggestions, please?
Every day I listen to claims that SP A or B "can't" do something, most of which are flat out lies to mask an unwillingness to perform even basic job functions. This isn't a sensible design decision on the part of whoever's asking, so I'd move on and just tell them it isn't within the software's capabilities at present.
More information about the users