Shibboleth IDP4 - AttributeEncoder - friendlyName

Cantor, Scott cantor.2 at
Mon Aug 17 18:21:55 UTC 2020

On 8/17/20, 1:12 PM, "users on behalf of prasanna cg" <users-bounces at on behalf of prasannacgin at> wrote:

>    1) Is this the expected behavior of SAML2String encoder in v4 ? The reason I am asking is, this isn't the way the
> SAML2String plugin behaved in my IDPv3. 

My guess is the code is defaulting FriendlyName from the attribute ID in a way that is unaware of the fact that a legacy AttributeEncoder was used to produce the rule. That's not exactly intentional but I don't know that it's fixable either, I'd have to see whether there's a way to "unset" the property internally to suppress it.

It doesn't technically matter what the behavior is because FriendlyName cannot be used for normative purposes anyway. It would be a problem if the value changed but certainly it's wrong if something cares that it's there. There is no legitimate justification for "it can't be set".

In any event, it's probably not intentional regardless of whether it's fixable so filing a bug on it is fine.

-- Scott

More information about the users mailing list