Default pages bug in 3.2.3?
Phillip Grandsard
pgrandsard at pagepath.com
Mon Aug 9 14:29:18 UTC 2021
This happens to both built-in and assertion attributes from the IdP.
I did add an assertion attribute extractor, but only to set the built-in
variables to upper case.
<AttributeExtractor type="Assertion"
    Issuer="SHIB-IDENTITY-PROVIDER"
    AuthnInstant="SHIB-AUTHENTICATION-INSTANT"
    AuthnContextClassRef="SHIB-AUTHNCONTEXT-CLASS"
    AuthnContextDeclRef="SHIB-AUTHNCONTEXT-DECL"
    SessionIndex="SHIB-SESSION-INDEX"
/>
My workaround was to stop using the default document.
On Sat, Aug 7, 2021 at 10:01 AM Cantor, Scott <cantor.2 at osu.edu> wrote:
> Actually, I'm puzzled, because based on the code, this shouldn't be
> happening. The duplication of the values is only something that appears to
> affect the attribute export step. The "built-in" variables are just applied
> with a call that ends up calling SetServerVariable or SetHeader directly,
> not appending to pre-existing state.
>
> So there should not have been any duplication introduced by the security
> fix and I have no idea what you're seeing here.
>
> If by some chance you're actually using the workaround I mentioned with
> the Assertion attribute extractor instead, then that would result in
> duplication, but setting the option to block export of duplicate attribute
> values would address that.
>
> If that option didn't work for the attributes, then that would explain the
> other duplication as well but it did for me and for others that applied
> that as a workaround for Microsoft's bug.
>
> -- Scott