clegaspi / saml_reader

A tool to parse and verify SAML response data for MongoDB Cloud.
MIT License

Cannot validate if firstName or lastName is multi-valued #80

Open clegaspi opened 2 years ago

clegaspi commented 2 years ago

If we have something like this:

      <saml2:Attribute Name="firstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">First</saml2:AttributeValue>
        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">First</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute Name="lastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">Last</saml2:AttributeValue>
        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">Last</saml2:AttributeValue>
      </saml2:Attribute>

This will fail regex validation, because the regex comparison gets a list rather than a string. We should have a check to make sure the firstName and lastName attributes are not multi-valued.
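One way to implement the check requested above, as an added example that is not part of the issue or of the saml_reader code base. The function names, the `NAME_RE` pattern and the sample XML are assumptions made for illustration. It also treats a `Name` repeated across separate `Attribute` elements as multi-valued, which goes beyond the case shown in the issue.

```python
import re
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml2": ASSERTION_NS}
SINGLE_VALUED = ("firstName", "lastName")  # the attributes named in this issue
NAME_RE = re.compile(r"\S.*")  # assumed placeholder, not the tool's real regex

# Constructed sample: firstName carries two values, lastName carries one.
SAMPLE = """
<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Attribute Name="firstName">
    <saml2:AttributeValue>First</saml2:AttributeValue>
    <saml2:AttributeValue>First</saml2:AttributeValue>
  </saml2:Attribute>
  <saml2:Attribute Name="lastName">
    <saml2:AttributeValue>Last</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>
"""

def collect_attributes(xml_text):
    """Map each attribute Name to the list of all its AttributeValue texts."""
    # For untrusted input, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter(f"{{{ASSERTION_NS}}}Attribute"):
        values = [v.text or "" for v in attr.findall("saml2:AttributeValue", NS)]
        # extend() merges values when the same Name appears in two elements
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def validate_names(attrs):
    """Return a list of error strings; an empty list means the names are valid."""
    errors = []
    for name in SINGLE_VALUED:
        values = attrs.get(name, [])
        if not values:
            errors.append(f"{name}: missing")
        elif len(values) > 1:
            # Report cardinality first so the regex only ever sees a string
            errors.append(f"{name}: multi-valued ({len(values)} values)")
        elif not NAME_RE.fullmatch(values[0]):
            errors.append(f"{name}: value fails pattern")
    return errors

if __name__ == "__main__":
    print(validate_names(collect_attributes(SAMPLE)))
```

Checking cardinality before the pattern match turns the list-versus-string failure into an explicit validation error.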