SamlAuth: Can't build profile if User attribute names are uris #221
Comments
Thanks for filing this issue; I wasn’t aware of this. Can you give me an example of an IdP implementation which does this? Pull requests are always welcome in case you have something which would fix this already, preferably in a way which keeps backwards compatibility. In any case: Can you provide me with a sample SAML assertion so that I can see what it looks like?
I can't provide the pure SamlResponse right now, but here is what Wicked works with (copied from the logs):
I don't have a fix yet, but will try providing a PR with my first proposal: If required attributes like sub are not mapped, map again using the user object.
apim-haufe-io/wicked.auth#8 did the trick for me
Thanks a lot for your PR! I had one small thing, then this looks good to me.
Merged.
When using SAML, the buildProfile method uses 'getAttributeNames' to map the SamlResponse user attributes to profile claims.
Some IdPs return URIs as attribute names, which does not work well with mustache (the hostnames of the URIs have dots and dots can't be escaped in mustache).
This makes building the profile impossible in those cases.
The used saml2-js lib has a neat feature to prettify attributes like that.
https://github.com/apim-haufe-io/saml2/blob/bc740c26623244758c89a96134e425e8d01bc82f/lib/saml2.coffee#L468
The prettified attributes are directly put into the user object, which works well, but the SAML provider from wicked.auth does not retrieve them from there.
Options that come to my mind:
Probably there are more options. So any ideas how to proceed here?
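The failure described in this issue and the fallback proposed in the comments, as an added example that is not wicked.auth or saml2-js code: a Mustache-style dotted-name lookup cannot resolve a URI attribute name, so claims left empty are retried against a prettified user object, and the mapping fails closed when a required claim such as `sub` stays empty. All function names, the two-entry prettify table and the sample attributes are constructed for illustration.

```javascript
// Added example; all names here are hypothetical, not wicked.auth or saml2-js code.
// Mustache-style lookup: the tag name is split on "." and walked as nested
// properties, so a URI key such as "http://schemas.xmlsoap.org/..." never matches.
function resolveDotted(view, name) {
  return name.split('.').reduce(
    (ctx, part) => (ctx !== null && typeof ctx === 'object' ? ctx[part] : undefined),
    view);
}

// Minimal {{name}} renderer built on that lookup; unresolved tags render as "".
function render(template, view) {
  return template.replace(/\{\{\s*([^}]+?)\s*\}\}/g, (_, name) => {
    const value = resolveDotted(view, name);
    const first = Array.isArray(value) ? value[0] : value;
    return first == null ? '' : String(first);
  });
}

// Constructed two-entry table standing in for the library's prettify step.
const CLAIMS = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/';
const PRETTY = { [CLAIMS + 'nameidentifier']: 'name_id', [CLAIMS + 'emailaddress']: 'email' };

function prettify(attributes) {
  const user = {};
  for (const [name, values] of Object.entries(attributes)) {
    if (PRETTY[name]) user[PRETTY[name]] = values[0];
  }
  return user;
}

// Map against the raw attributes first (existing behaviour), retry empty claims
// against the prettified user object, and fail closed if a required claim is empty.
function buildProfile(mapping, attributes, required = ['sub']) {
  const user = prettify(attributes);
  const profile = {};
  for (const [claim, template] of Object.entries(mapping)) {
    profile[claim] = render(template, attributes) || render(template, user);
  }
  const missing = required.filter((claim) => !profile[claim]);
  if (missing.length) throw new Error('unmapped required claims: ' + missing.join(', '));
  return profile;
}

// Constructed sample attributes, shaped like an IdP that uses URI attribute names.
const sampleAttributes = {
  [CLAIMS + 'nameidentifier']: ['u-1234'],
  [CLAIMS + 'emailaddress']: ['alice@example.test'],
};
console.log(buildProfile({ sub: '{{name_id}}', email: '{{email}}' }, sampleAttributes));
```

Rejecting the login when `sub` cannot be mapped keeps an unresolved template from producing a profile with an empty subject.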