Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-12625

Broker saml mappers are ignoring null attributeValues

    Details

    • Type: Enhancement
    • Status: Triage (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: Backlog
    • Component/s: Protocol - SAML
    • Labels:
      None
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      https://github.com/keycloak/keycloak/blob/8.0.1/services/src/main/java/org/keycloak/broker/saml/mappers/UserAttributeMapper.java#L155

      a.getAttributeValue().stream().filter(Objects::nonNull).map(Object::toString).collect(Collectors.toList());
      

      The same for UserAttributeStatementMapper.

      By .filter(Objects::nonNull) we exclude all Attributes which have empty values.

      Specification says it is possible to have three types of empty attributes:
      1. Attributes with no AttributeValue (empty array of values). Line 1278 of spec
      2. Attribute with empty AttributeValue (containing empty string value). Line 1305 of spec
      3. Attribute with null AttributeValue (containing null value). Line 1309.
      It should be possible to create a mapper for each of those Attribute types.

      Example:
      We want to map this attribute:

      <saml:Attribute Name="isAdmin" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
          <saml:AttributeValue xsi:nil="true" xsi:type="xs:string"/>
      </saml:Attribute>
      

      to

      <saml:Attribute Name="administrator" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
          <saml:AttributeValue xsi:type="xs:string">true</saml:AttributeValue>
      </saml:Attribute>
      

      Both attributes are valid, however mapper will not create administrator Attribute because isAdmin attribute will be ignored during mapping, it will stop on this line: https://github.com/keycloak/keycloak/blob/8.0.1/services/src/main/java/org/keycloak/broker/saml/mappers/UserAttributeMapper.java#L112

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  mitko Michal Hajas
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated: