Description
Describe the bug
When grabbing the email attribute (urn:oid:0.9.2342.19200300.100.1.3) from the SimpleSaml2AuthenticatedPrincipal / DefaultSaml2AuthenticatedPrincipal, the output is XML and not the expected email.
Until #8861 is merged, the following workaround is used to access the attributes:

```kotlin
val principal = objectMapper.convertValue(auth.principal, Map::class.java)
val attributes = principal["attributes"] as Map<String, List<String>>
```
The value returned is:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<saml2:AttributeValue
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:type="xs:anyType">
  [email protected]
</saml2:AttributeValue>
```
This seems to be due to prefixed XML elements, as the issue does not occur when non-prefixed XML elements that specify the xmlns attribute are used instead.
Google SAML produces XML with prefixed XML elements, e.g.:

```xml
<saml2:AttributeStatement>
  <saml2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
    <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:anyType">
      [email protected]
    </saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>
```
And e.g. https://github.com/amdonov/lite-idp produces non-prefixed XML elements:

```xml
<AttributeStatement xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="urn:oid:0.9.2342.19200300.100.1.3"
      Name="urn:oid:0.9.2342.19200300.100.1.3"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
    <AttributeValue xmlns="urn:oasis:names:tc:SAML:2.0:assertion">[email protected]
    </AttributeValue>
  </Attribute>
</AttributeStatement>
```
This was tested with the versions 5.4.0-M2 and 5.4.0-SNAPSHOT (as of today).
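As an added illustration (not code from this issue or from Spring Security), a hypothetical Java helper that unwraps a value delivered in the serialised form shown above, checks that the root element really is a saml2:AttributeValue, and parses it with DTDs and external entities disabled, since the markup originates from the IdP:

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

// Hypothetical helper, not Spring Security code: turns a value that arrived as a
// serialised <saml2:AttributeValue> element back into the plain text it carries.
public final class SamlAttributeValues {
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    public static String unwrap(Object value) throws Exception {
        String s = String.valueOf(value).trim();
        if (!s.startsWith("<")) {
            return s; // already plain text, e.g. from an IdP that emits non-prefixed elements
        }
        Element root = secureBuilder().parse(new InputSource(new StringReader(s))).getDocumentElement();
        // Only unwrap a genuine SAML 2.0 AttributeValue; reject anything else loudly rather
        // than returning arbitrary IdP-supplied markup as if it were an e-mail address.
        if (!SAML2_NS.equals(root.getNamespaceURI()) || !"AttributeValue".equals(root.getLocalName())) {
            throw new IllegalArgumentException("not a saml2:AttributeValue: " + root.getTagName());
        }
        return root.getTextContent().trim();
    }

    static DocumentBuilder secureBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // so the prefixed and default-namespace forms compare equal
        // The input is IdP-controlled XML: forbid DTDs and external entities before parsing it.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample mirroring the serialised value shown in the report.
        String serialised = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
            + "<saml2:AttributeValue xmlns:saml2=\"" + SAML2_NS + "\""
            + " xmlns:xs=\"http://www.w3.org/2001/XMLSchema\""
            + " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:anyType\">"
            + "user@example.com</saml2:AttributeValue>";
        System.out.println(unwrap(serialised));
        System.out.println(unwrap("user@example.com"));
    }
}
```

Both calls in main yield the bare address, so the same code path serves IdPs that emit prefixed elements and those that do not.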
To Reproduce
- Set up a Google SAML SP (or other SAML software that produces prefixed XML elements).
- Try to grab the email attribute (urn:oid:0.9.2342.19200300.100.1.3) from SimpleSaml2AuthenticatedPrincipal / DefaultSaml2AuthenticatedPrincipal.
Expected behavior
The email is returned.