Jan Bernhardt created CXF-6372:
----------------------------------

Summary: Generating distinct claim values for multi-value LDAP attributes
Key: CXF-6372
URL: https://issues.apache.org/jira/browse/CXF-6372
Project: CXF
Issue Type: Improvement
Components: STS
Reporter: Jan Bernhardt
Assignee: Jan Bernhardt
Priority: Minor
Fix For: 3.1.0

The LDAP claim handler generates only a single value element for a claim with delimited values, even though a claim also supports multiple distinct values. This task is about improving this behavior.

Old behavior sample:
{{memberOf}} attribute from LDAP would be generated like this in the SAML token:
{code}
<saml2:AttributeStatement>
  <saml2:Attribute Name=".../05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml2:AttributeValue xsi:type="xs:string">admin;user;manager</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>
{code}

New behavior sample:
{{memberOf}} attribute from LDAP would be generated like this in the SAML token:
{code}
<saml2:AttributeStatement>
  <saml2:Attribute Name=".../05/identity/claims/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml2:AttributeValue xsi:type="xs:string">admin</saml2:AttributeValue>
    <saml2:AttributeValue xsi:type="xs:string">user</saml2:AttributeValue>
    <saml2:AttributeValue xsi:type="xs:string">manager</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>
{code}

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
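
Added example, not part of the original issue or of CXF's code: how a relying party's exact-match role check sees the old and the new token shape, in Python. The namespace declarations, the two sample tokens and all function names are constructed for illustration; the claim name is kept elided exactly as in the issue.

```python
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml2": SAML2_NS}
ROLE_CLAIM = ".../05/identity/claims/role"  # claim name as elided in the issue

def _statement(values):
    """Build a constructed AttributeStatement shaped like the issue's samples."""
    vals = "".join(
        f'<saml2:AttributeValue xsi:type="xs:string">{v}</saml2:AttributeValue>'
        for v in values)
    return (
        f'<saml2:AttributeStatement xmlns:saml2="{SAML2_NS}" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
        'xmlns:xs="http://www.w3.org/2001/XMLSchema">'
        f'<saml2:Attribute Name="{ROLE_CLAIM}" '
        'NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">'
        f'{vals}</saml2:Attribute></saml2:AttributeStatement>')

OLD_TOKEN = _statement(["admin;user;manager"])      # one delimited value
NEW_TOKEN = _statement(["admin", "user", "manager"])  # distinct values

def claim_values(xml_text, claim_name, legacy_delimiter=None):
    """Return the distinct values of one claim, in document order.

    Constructed input only: for real tokens, verify the signature and use a
    hardened XML parser before reading any attribute.
    """
    root = ET.fromstring(xml_text)
    out = []
    for attr in root.iter(f"{{{SAML2_NS}}}Attribute"):
        if attr.get("Name") != claim_name:
            continue
        for val in attr.findall("saml2:AttributeValue", NS):
            text = (val.text or "").strip()
            # Split only when the caller opts in to the old delimited form.
            parts = text.split(legacy_delimiter) if legacy_delimiter else [text]
            for part in (p.strip() for p in parts):
                if part and part not in out:
                    out.append(part)
    return out

def has_role(xml_text, role, legacy_delimiter=None):
    """Exact-match role check; never a substring test on the raw value."""
    return role in claim_values(xml_text, ROLE_CLAIM, legacy_delimiter)
```

With the old shape, an exact match on `admin` fails unless the consumer knows the delimiter; with the new shape each role is its own value and no delimiter convention has to be shared between issuer and relying party.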