I believe this case simply may not have been originally considered, analogously to the same bug in LDAP:
https://jira.lyrasis.org/browse/DS-4388 Regards, ~~helix84 On Tue, Jul 14, 2020 at 1:34 AM Gary Browne <[email protected]> wrote: > > Hi all, > > DSpace 6.3 > Apache 2.4.41 > Tomcat 7.0.84 > Amazon Linux 2 > > I have Shibboleth auth set up, with auto group allocation. However, in some > cases it appears not to be working. I haven't enough data to be sure, but I > know in some cases we are receiving a SAML response which contains the role > attribute like this: > > <Attribute > Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role";> > <AttributeValue>staff</AttributeValue> > <AttributeValue>student</AttributeValue> > </Attribute> > > Here's my config: > > # The shibboleth header to do role-based mappings > authentication-shibboleth.role-header = SHIB-SCOPED-AFFILIATION > > # Whether to ignore the attribute's scope or value. > authentication-shibboleth.role-header.ignore-scope = true > authentication-shibboleth.role-header.ignore-value = false > > # Default mappings of roles values to a comma separated list of DSpace group > # names (Case Sensitive). > authentication-shibboleth.role.staff = staffsubmit > authentication-shibboleth.role.student = studentsubmit > > Will DSpace do anything with a response that contains more than one > AttributeValue for an Attribute (in this case, role)? It looks like in this > situation, DSpace doesn't allocate the user to any groups. > > Should I get the IdP to send only one attribute value? But which one!? Have > any other institutions come across this issue? > > Thanks for your help, > Gary > > > -- > All messages to this mailing list should adhere to the DuraSpace Code of > Conduct: https://duraspace.org/about/policies/code-of-conduct/ > --- > You received this message because you are subscribed to the Google Groups > "DSpace Technical Support" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/dspace-tech/09add5d6-5940-4a6e-878d-7220bbce83f0o%40googlegroups.com. -- All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/ --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/CAGdvKqgJdrkfr7X_-qyxxxqRyUHXpME9fW82GOxLipD-6JmmGw%40mail.gmail.com.
