Hi, I created pull request https://github.com/apereo/cas/pull/5124. I would like to break it into 2 separate patches and submit them to the master branch. Could you comment on these proposed changes?

1. Add support for getRequestedDefinitions to MetadataRequestedAttributesAttributeReleasePolicy. This change is a continuation of https://github.com/apereo/cas/pull/5051, which creates attributes when requested based on attribute definitions.

2. Change of getAttributesForSamlRegisteredService in MetadataRequestedAttributesAttributeReleasePolicy. Instead of selecting attributes for release using the *RequestedAttribute* *Name* or *FriendlyName* provided in SP metadata:

- try to search for a *SamlIdPAttributeDefinition* in the *AttributeDefinitionStore* using the urn provided in the *Name* attribute of the *RequestedAttribute*,
- if such a *SamlIdPAttributeDefinition* exists, then use the *key* provided in this attribute definition to search for and release the user attribute,
- if the above fails, then try to search for the user attribute using the *RequestedAttribute* *FriendlyName*.

A sample RequestedAttribute definition in SP metadata looks like this:

    <md:RequestedAttribute FriendlyName="schacPersonalUniqueCode"
        Name="urn:oid:1.3.6.1.4.1.25178.1.2.14"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
        isRequired="true"/>

Without this change it is necessary to define the attribute twice to handle resolution by both urn and friendly name, e.g.:

    "schacPersonalUniqueCode" : {
      "@class" : "org.apereo.cas.support.saml.web.idp.profile.builders.attr.SamlIdPAttributeDefinition",
      "key" : "schacPersonalUniqueCode",
      "name" : "schacPersonalUniqueCode",
      "urn" : "urn:oid:1.3.6.1.4.1.25178.1.2.14",
      "friendlyName" : "schacPersonalUniqueCode"
    },
    "urn:oid:1.3.6.1.4.1.25178.1.2.14" : {
      "@class" : "org.apereo.cas.support.saml.web.idp.profile.builders.attr.SamlIdPAttributeDefinition",
      "key" : "urn:oid:1.3.6.1.4.1.25178.1.2.14",
      "name" : "schacPersonalUniqueCode",
      "urn" : "urn:oid:1.3.6.1.4.1.25178.1.2.14",
      "friendlyName" : "schacPersonalUniqueCode",
      "attribute" : "schacPersonalUniqueCode"
    },

Besides, selecting attributes using the urn provided in the attribute definition is more robust than using friendly names, because friendly names are inconsistently used in SP metadata.
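
The lookup order proposed in item 2 of the message above, as an added example that is not code from the pull request or from CAS: a simplified model in which `AttrDef`, `Requested` and `resolve` are hypothetical names, the sample data is constructed, and releasing under the matched user-attribute name is an assumption.

```java
import java.util.*;

// Added illustration; AttrDef, Requested and resolve are hypothetical names, not CAS classes.
public class RequestedAttributeResolution {
    // Simplified stand-in for a SamlIdPAttributeDefinition entry (key and urn only).
    record AttrDef(String key, String urn) {}
    // Simplified stand-in for an md:RequestedAttribute element from SP metadata.
    record Requested(String name, String friendlyName) {}

    // Returns the attributes to release, keyed by the user-attribute name that matched.
    static Map<String, List<Object>> resolve(List<Requested> requested,
                                             Collection<AttrDef> definitions,
                                             Map<String, List<Object>> userAttributes) {
        // Index definitions by urn so the Name from SP metadata can be looked up directly.
        Map<String, AttrDef> byUrn = new HashMap<>();
        for (AttrDef d : definitions) {
            if (d.urn() != null) byUrn.put(d.urn(), d);
        }
        Map<String, List<Object>> released = new LinkedHashMap<>();
        for (Requested r : requested) {
            AttrDef def = byUrn.get(r.name());
            if (def != null && userAttributes.containsKey(def.key())) {
                // Definition found by urn: release the user attribute stored under its key.
                released.put(def.key(), userAttributes.get(def.key()));
            } else if (r.friendlyName() != null && userAttributes.containsKey(r.friendlyName())) {
                // Fallback: the user has an attribute named like the FriendlyName.
                released.put(r.friendlyName(), userAttributes.get(r.friendlyName()));
            }
            // Neither lookup matched: nothing is released for this RequestedAttribute.
        }
        return released;
    }

    public static void main(String[] args) {
        // Constructed sample data: a single definition, with no duplicate entry keyed by urn.
        List<AttrDef> defs = List.of(
            new AttrDef("schacPersonalUniqueCode", "urn:oid:1.3.6.1.4.1.25178.1.2.14"));
        Map<String, List<Object>> user = Map.of(
            "schacPersonalUniqueCode", List.of("constructed-code-value"),
            "mail", List.of("user@example.org"));
        List<Requested> sp = List.of(
            // FriendlyName differs from the definition; the urn still resolves it.
            new Requested("urn:oid:1.3.6.1.4.1.25178.1.2.14", "personalUniqueCode"),
            // No definition for this urn; the FriendlyName fallback applies.
            new Requested("urn:oid:0.9.2342.19200300.100.1.3", "mail"),
            // Neither a definition nor a matching user attribute: not released.
            new Requested("urn:example:constructed:unknown", "unknownAttr"));
        System.out.println(resolve(sp, defs, user));
    }
}
```

The first request shows why the urn lookup matters for release decisions: the SP's inconsistent FriendlyName would have matched nothing, while the third request confirms that an unmatched RequestedAttribute releases no data.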
