Non standard claims returned as array #24

Open
ebusi opened this issue Nov 8, 2022 · 3 comments
@ebusi
Contributor

ebusi commented Nov 8, 2022

Hello,

I have a project with oidcop as frontend and a SAML backend.

When I call the /userinfo endpoint, the custom claims are returned as an array even if the value in the SAML response was a string.

My suggestion is to change the following row:

(name, combine_values_by_claim[name](values)) for name, values in claim_items

and add a default combine function for the claims not defined in the claims.py file:

(name, combine_values_by_claim.get(name, combine_select_first_value)(values)) for name, values in claim_items

If this change makes sense to you I'm opening a PR.

Cheers

@peppelinux
Member

Ciao Emanuele,

Please can you say in this thread which problem you want to solve? I mean a clear statement of the error/bug to start the discussion with the developers.

@ebusi
Contributor Author

ebusi commented Nov 9, 2022

For reference my project is based on https://github.com/italia/Satosa-Saml2Spid/.
I've an OpenID frontend and a SAML backend.

Given a SAML Response with the attributes:

<saml:Attribute Name="spidCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
        AGID-001
    </saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="familyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
        AgID
    </saml:AttributeValue>
</saml:Attribute>

At the end of the authentication process, when I call the /userinfo endpoint the claims are:

"family_name": "AgID",
"spid_code": [
    "AGID-001"
],

Both "name" and "spidCode" are supposed to be string values, so I'm expecting the spid_code in the userinfo to be a string and not an array with a string.

Digging in the code, I think the line in the above comment is the reason for the custom claims (like spid_code) being returned as an array.
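The claim-combining step discussed in the two comments above, as an added example that is not part of the thread and not the project's own code: it applies the proposed `.get(name, default)` lookup to the two quoted attributes and also reports what a first-value default would discard for a multi-valued attribute. Only `combine_values_by_claim` and `combine_select_first_value` are names from the thread; `keep_list`, `build_userinfo`, `dropped_values`, the `groups` claim and the list-valued input shape are assumptions, and `keep_list` merely stands in for whatever currently leaves unlisted claims as arrays.

```python
def combine_select_first_value(values):
    """Collapse a list of attribute values to its first element."""
    return values[0]


def keep_list(values):
    """Hypothetical default that models the reported array output."""
    return list(values)


# Hypothetical stand-in for the per-claim table the thread says is in claims.py.
combine_values_by_claim = {"family_name": combine_select_first_value}


def build_userinfo(claim_items, default):
    """Combine each claim's values, falling back to `default` for unlisted claims."""
    return dict(
        (name, combine_values_by_claim.get(name, default)(values))
        for name, values in claim_items
    )


def dropped_values(claim_items, default):
    """Return {claim: [values lost]} for claims whose combiner discards values."""
    lost = {}
    for name, values in claim_items:
        combined = combine_values_by_claim.get(name, default)(values)
        kept = combined if isinstance(combined, list) else [combined]
        missing = [v for v in values if v not in kept]
        if missing:
            lost[name] = missing
    return lost


# Constructed input: attribute values as lists, mirroring the thread's two attributes.
CLAIM_ITEMS = [
    ("family_name", ["AgID"]),
    ("spid_code", ["AGID-001"]),
    ("groups", ["staff", "auditors"]),  # hypothetical multi-valued custom claim
]

if __name__ == "__main__":
    print(build_userinfo(CLAIM_ITEMS, keep_list))
    print(build_userinfo(CLAIM_ITEMS, combine_select_first_value))
    print(dropped_values(CLAIM_ITEMS, combine_select_first_value))
```

Running `dropped_values` over real attribute data before switching the default shows which custom claims a relying party would start receiving truncated.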

@peppelinux
Member

@ebusi the answer is here: #50

Sorry for the late reply.
