
List:       shibboleth-users
Subject:    Re: Attribute sorting in 2.3.2
From:       Chad La Joie <lajoie () itumi ! biz>
Date:       2011-07-29 14:44:35
Message-ID: 4E32C753.6050605 () itumi ! biz

The sorting that occurred after filtering has been removed and that
change will show up in 2.3.3.

Note, however, that the LDAP protocol does not guarantee any ordering of
attributes or their values.  So, if you have something relying on that
ordering then you have a bug in your code.

On 7/29/11 10:37 AM, Eric Pierce wrote:
> Ran into an issue upgrading from 2.2.1 to 2.3.2 and I'm not sure if I'm
> missing something in the config or if it's a bug.  Attribute values are
> being sorted alphabetically before being released.  This isn't a problem for
> most multi-valued attributes but order matters for some of them, especially
> givenName.  When it was first reported, I thought that it was an issue with
> the data in LDAP or a config option for the VTldap library, but it appears
> to be happening just after the attribute filters are run.  Here's the data
> that the LDAP server has:
> 
> givenName: Eric
> givenName: Edward
> 
> And here's the result from the search:
> 07:58:20.019 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:414] - LDAP data connector usfLDAP - Found the following attribute: givenname[Eric, Edward]
> 
> Then, after the attributes go through the filtering policies, they are
> sorted alphabetically:
> 07:58:20.039 - TRACE [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:173] - The following value for attribute givenName meets the permit value rule: Eric
> 07:58:20.039 - TRACE [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:173] - The following value for attribute givenName meets the permit value rule: Edward
> 07:58:20.042 - TRACE [edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethAttributeFilteringEngine:109] - Permitted values for attribute givenName are: [Edward, Eric]
> 
> And the SAML output reflects the new order:
> <saml2:Attribute FriendlyName="givenName" Name="urn:oid:2.5.4.42"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="xs:string">Edward</saml2:AttributeValue>
> <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:type="xs:string">Eric</saml2:AttributeValue>
> </saml2:Attribute>
> 
> I didn't change any config files when moving from 2.2.1 to 2.3.2, so I was
> thinking there might have been a change in defaults between the two
> versions, but I can't find anything obvious in the new files.  Anyone seen
> this before?
> 
> Thanks,
> -Eric
> 
> 
> 
> 
> --
> To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net

-- 
Chad La Joie
http://itumi.biz
trusted identities, delivered
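
The point made in the reply above, shown as an added example that is not part of the original message or of Shibboleth's code: a consumer of released attributes that treats multi-valued attributes as unordered and refuses to pick "the first" value. The function names are hypothetical, the XML is a constructed sample based on the givenName attribute in the thread, and the assertion is assumed to have been signature-validated by the SP software before this code sees it.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}


class AmbiguousAttribute(Exception):
    """Raised when code needs one value but the attribute carries several."""


def statement(values):
    """Constructed sample: the thread's givenName attribute, values in the given order."""
    body = "".join(f"<saml2:AttributeValue>{v}</saml2:AttributeValue>" for v in values)
    return (f'<saml2:AttributeStatement xmlns:saml2="{NS["saml2"]}">'
            f'<saml2:Attribute FriendlyName="givenName" Name="urn:oid:2.5.4.42">{body}'
            "</saml2:Attribute></saml2:AttributeStatement>")


FROM_LDAP = statement(["Eric", "Edward"])   # order logged by the LDAP data connector
RELEASED = statement(["Edward", "Eric"])    # order seen in the SAML output on 2.3.2


def attribute_values(statement_xml):
    """Map attribute Name -> Counter of values (a multiset, so order is discarded).

    Assumption: the XML comes from an assertion that was already validated.
    """
    root = ET.fromstring(statement_xml)
    return {
        attr.get("Name"): Counter(
            (v.text or "") for v in attr.findall("saml2:AttributeValue", NS))
        for attr in root.findall("saml2:Attribute", NS)
    }


def same_release(xml_a, xml_b):
    """True when two statements carry the same values, whatever their order."""
    return attribute_values(xml_a) == attribute_values(xml_b)


def single_value(attrs, name):
    """Return the only value of `name`; fail loudly instead of trusting position."""
    values = attrs.get(name, Counter())
    count = sum(values.values())
    if count != 1:
        raise AmbiguousAttribute(f"{name} has {count} values; their order carries no meaning")
    return next(iter(values))
```

An application that needs one preferred name should read it from an attribute that is single-valued by design rather than from position within givenName.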

