TransformAttributeResolver adds instead of replacing values
Peter Schober
peter.schober at univie.ac.at
Tue Sep 7 12:59:29 UTC 2021
* Kimmo Koivisto <kimmo.koivisto at netum.fi> [2021-09-07 13:15]:
> When using transform, destination attribute is not replaced as I
> understood from documentation but transformed value is added and
> multivalue attribute is created.
> https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065334474/TransformAttributeResolver
[...]
> As I understood from the documentation, dest attribute should be replaced by transform.
> Transform regex reads the proper value from source attribute but does not replace dest attribute.
It doesn't actually say that, I think. You could either not specify
'dest' in which case the original values would be replaced by the
transformed ones, or you could specify 'dest' in which case the
transformed values would be put into the attribute specified by
'dest'.
(I.e., there's no statement in those docs about what happens if the
'dest' attribute already exists and contains values. From your
observation it should be clear that it adds the values, instead of
throwing away previously existing values.)
> How to replace existing values using transform or is there other
> ways to handle this?
Maybe create a copy of the source attribute by another name (e.g. via
a Template resolver) and then in-place transform the values of the
copy?
> If not possible, is there any way one could convert multivalue
> attribute to single value to fix this?
How should the software know which value you'd like to keep?
There does exist functionality in the software that would de-duplicate
multiple values but in your case they're not duplicates (i.e.,
multiple, identical values).
What are you ultimately trying to achieve? To overwrite
'nationalIdentificationNumber' with the truncated value from
'schacPersonalUniqueID' (if the latter exists) but leave
'nationalIdentificationNumber' as is if no schacPersonalUniqueID
exists (or the regex doesn't match)?
I take it transforming schacPersonalUniqueID into a different
attribute and then deciding (in your own code or possibly additional
transformations later) whether to pick the transformed value from
schacPersonalUniqueID or whether to use nationalIdentificationNumber
(if available) is not an option?
-peter
More information about the users
mailing list