Ex: Re: attribute resolver/filter reload weirdness (bug?)

Wed Jan 12 21:03:47 UTC 2022

> From: Rod Widdowson
> Sent: Tuesday, January 11, 2022 10:33 PM
> 
> > However, on the wire they just weren't there in the assertion. I confirmed
> > the config had been reloaded when the updated file were deployed:
> 
> Did you reload the attribute registry?

Hmm, that would be a no. I did not think I modified the attribute registry? I did not change any of those configuration files, only the attribute-resolver.xml file:

https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631549/AttributeResolverConfiguration

Based on the documentation for the registry:

https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1272054306/AttributeRegistryConfiguration

"Historically this was addressed with the concept of Attribute Encoders, which were "attached" by the Attribute Resolver to the IdPAttribute objects it produces via Attribute Definitions so the rest of the system could properly encode the XML. This works reasonably well in a lot of cases, and remains supported"

Attaching attribute encoders via the resolver is still supported, and it did not appear from the documentation that one needed to reload the registry configuration when using the resolver for that purpose? There is the disclaimer "though the code under the covers has been completely replaced in this version" regarding using the resolver for configuring encoding, it sounds like this code also needs a registry reload poke as well as the resolver service when doing so? If so, a note to that effect on both pages would be helpful :).

Ok, I restored my dev instance to the original state, then reapplied the changes and reloaded the filter and resolver, reproducing the issue. I then reloaded the registry, which did indeed make it work.

So in general, any time the resolver service is reloaded I should reload the registry? Technically I suppose that's only needed if new encoding is configured in the resolver, but I don't think I want to try and dynamically figure that out when automatically deploying configuration file changes ;).

Thanks much for the insight...