SAML Identity Server only inserts one value in SAML Assertion when there are multiple attributes with the same name

  • 7013272
  • 12-Sep-2013
  • 18-Sep-2013

Environment

NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 Identity Server
NAM acting as SAML2 Identity server in Federated Environment

Situation

SAML setup between NAM IDP server and 3rd party SAML2 SP
Attribute set defined with the following mappings:

- constant value true -> remote attribute ConstantNumber1
- constant value true -> remote attribute ConstantNumber3

When the assertion is generated by the IDP server, only one of these two
attributes is included.


Here's the attribute set that I defined in my setup here. ConstantNumber1 and
ConstantNumber3 are both set to a value of true. This is what I see in the
assertion:

<saml:AttributeStatement>
  <saml:Attribute xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Name="logouturl" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml:AttributeValue xsi:type="xs:string">**</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Name="Constant/ConstantNumber3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
    <saml:AttributeValue xsi:type="xs:string">**</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>

It only has ConstantNumber3. It seems to only populate the last constant if multiple constants of the same value exist, regardless of format.


Resolution

Fixed in 3.2.2 IR1.
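
One way to check a captured assertion for the attributes the attribute set should produce, for example before and after applying the fix. This is an added example, not NetIQ code: the sample assertion is constructed from the fragment above with placeholder values, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample modelled on the fragment above; values are placeholders.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:xs="http://www.w3.org/2001/XMLSchema"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:AttributeStatement>
    <saml:Attribute Name="logouturl"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml:AttributeValue xsi:type="xs:string">placeholder</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Constant/ConstantNumber3"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue xsi:type="xs:string">true</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def assertion_attributes(xml_text):
    """Return {attribute Name: [values]} for every saml:Attribute found."""
    # Diagnostic use on a locally captured assertion only; this does not
    # validate the signature or any other trust property of the assertion.
    root = ET.fromstring(xml_text)
    found = {}
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml"]):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        found.setdefault(attr.get("Name", ""), []).extend(values)
    return found


def missing_attributes(xml_text, expected):
    """Return the expected remote attribute names the assertion does not carry."""
    found = assertion_attributes(xml_text)
    # The assertion above shows a "Constant/" prefix on the Name, so also
    # compare against the last path segment of each Name.
    short_names = {name.rsplit("/", 1)[-1] for name in found}
    return [n for n in expected if n not in found and n not in short_names]


if __name__ == "__main__":
    expected = ["ConstantNumber1", "ConstantNumber3"]
    print("attributes:", assertion_attributes(SAMPLE_ASSERTION))
    print("missing:", missing_attributes(SAMPLE_ASSERTION, expected))
```

An empty "missing" list for an assertion captured after the upgrade indicates that both constants are now being sent.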