
How to generate multivalued attribute SAML2 assertion using WSO2 Identity Server 5.3?


I'm using WSO2 Identity Server 5.3

I have to produce a SAML2 assertion with some multivalued attributes from the user profile.

Let's say I have a comma-separated list of values for a particular claim and I must organize those attributes using the following structure in my SAML assertion response:

<saml2:Attribute Name="attribute1">
    <saml2:AttributeValue>value1</saml2:AttributeValue>
    <saml2:AttributeValue>value2</saml2:AttributeValue>
    <saml2:AttributeValue>value3</saml2:AttributeValue>
    <saml2:AttributeValue>value4</saml2:AttributeValue>
</saml2:Attribute>

I configured an STS client to get the SAML2 assertion and claims for a particular user which I set up with a multivalued claim.

My issue is I get the SAML assertion response as the following structure:

<saml2:Attribute Name="attribute1">
    <saml2:AttributeValue>value1,value2,value3,value4</saml2:AttributeValue>
</saml2:Attribute>

I set up an instance of the travelocity application on a Tomcat, tested again and I got the SAML assertion as expected after logging in to the application and choosing the SAML flow. I could verify it by looking at the log file of the Identity Server.

I used the STS client [1] as well to get the SAML assertion, but what I got when it comes to a multivalued attribute is a comma-separated list of values for that particular attribute.

I went directly to the admin service https://localhost:9443/services/wso2carbon-sts?wsdl using SOAP UI as my client, but the SAML response was exactly the same as I stated before: the multivalued attribute comes as comma-separated values for that particular attribute.

Here is a sample of what I get in the Attribute Statement section:

<saml2:AttributeStatement>
    <saml2:Attribute Name="http://wso2.org/claims/im" NameFormat="http://wso2.org/claims/im">
        <saml2:AttributeValue
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">jairo_fernandezr,jb_fernandez
        </saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="http://wso2.org/claims/emailaddress" NameFormat="http://wso2.org/claims/emailaddress">
        <saml2:AttributeValue
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">[email protected]
        </saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="http://wso2.org/claims/givenname" NameFormat="http://wso2.org/claims/givenname">
        <saml2:AttributeValue
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Jairo
        </saml2:AttributeValue>
    </saml2:Attribute>
</saml2:AttributeStatement>

Now, I would like to ask you if there is another way to get a SAML assertion with multivalued attributes structured as single values instead of comma-separated values using the admin service https://localhost:9443/services/wso2carbon-sts?wsdl, or another approach without setting up the travelocity application.

[1] https://github.com/wso2/product-is/tree/5.x.x/modules/samples/sts

Any comment will be greatly appreciated.

Thanks


Solution

  • WSO2 Identity Server 5.3.0 behaves correctly when it comes to the Web SAML SSO flow.

    But the service wso2carbon-sts which can be found by default at https://localhost:9443/services/wso2carbon-sts behaves differently as I described in my original post.

    I have made a report of this to the WSO2 team and they registered a bug in the Identity Server project; you can see the details here and follow this up if you are interested.

    Thanks for your support
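As an added example (not code from the question, the answer or WSO2), here is how a relying party can consume both shapes of the attribute statement described above: the wso2carbon-sts shape, where one AttributeValue carries comma-joined values, and the Web SSO shape with one AttributeValue per value. The samples are constructed from the statement quoted in the question; only claims the consumer explicitly lists as multivalued are split, so a comma inside an ordinary single-valued claim is never mangled.

```python
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ATTR = f"{{{SAML2_NS}}}Attribute"
ATTR_VALUE = f"{{{SAML2_NS}}}AttributeValue"

# Constructed samples modelled on the question: the wso2carbon-sts shape (one
# AttributeValue with comma-joined values and surrounding whitespace) and the
# Web SSO shape (one AttributeValue element per value).
STS_SHAPE = f"""<saml2:AttributeStatement xmlns:saml2="{SAML2_NS}">
  <saml2:Attribute Name="http://wso2.org/claims/im" NameFormat="http://wso2.org/claims/im">
    <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:type="xs:string">jairo_fernandezr,jb_fernandez
    </saml2:AttributeValue>
  </saml2:Attribute>
  <saml2:Attribute Name="http://wso2.org/claims/givenname" NameFormat="http://wso2.org/claims/givenname">
    <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:type="xs:string">Jairo
    </saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>"""

SSO_SHAPE = f"""<saml2:AttributeStatement xmlns:saml2="{SAML2_NS}">
  <saml2:Attribute Name="http://wso2.org/claims/im">
    <saml2:AttributeValue>jairo_fernandezr</saml2:AttributeValue>
    <saml2:AttributeValue>jb_fernandez</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>"""


def parse_attribute_statement(xml_text, multivalued_claims=frozenset(), separator=","):
    """Return {attribute Name: [values]} for a saml2:AttributeStatement.

    A claim listed in multivalued_claims that arrives as a single
    AttributeValue (STS shape) is split on `separator`; a claim that already
    arrives as several AttributeValue elements (Web SSO shape) is taken as-is.
    Claims not listed are never split.
    """
    root = ET.fromstring(xml_text)
    attributes = {}
    for attr in root.iter(ATTR):
        name = attr.get("Name")
        # Trim the newline/indent that the STS wraps around each value.
        texts = [(av.text or "").strip() for av in attr.findall(ATTR_VALUE)]
        if name in multivalued_claims and len(texts) == 1:
            texts = [v.strip() for v in texts[0].split(separator) if v.strip()]
        attributes[name] = texts
    return attributes
```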