SAML Identity Server only inserts one value in SAML Assertion when there are multiple attributess with the same name

  • 7013272
  • 12-Sep-2013
  • 18-Sep-2013


NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 Identity Server
NAM acting as SAML2 Identity server in Federated Environment


SAML setup between NAM IDP server and 3rd party SAML2 SP
Attribute set defined with following

- constant value true -> remote attribute ConstantNumber1
- constant value true -> remote attribute ConstantNumber3

When the assertion is generated by the IDP server, we will only include one of
the two of these attributes.

Here's the attribute set that I defined in my setup here. ConstantNumber1 and
COnstrntNumber3 are both set to a value true. This is what I see in the

Attribute xmlns:xs=""
xmlns:xsi="" Name="logouturl"
<saml:Attribute xmlns:xs="http://www.w" xmlns:xsi="" Name="Constant/ConstantNumber3" NameFormat="urn:oasis:names:tc:SAML:2.0:att rname-format:uri"><saml:AttributeValue xsi:type="xs:string">**</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp :Response> It only has constantNumber3. It seems to only populate the last constant if multiple constants of the same value exist - regardless of format.


Fixed in 3.2.2 IR1.