dsmrt
commented
4 years ago Good catch ... that does seem like a bug. You greater than zero logic seems correct. We just want at least one attribute. I'll get this patched up.
Closed rrrmity closed 4 years ago
dsmrt
commented
4 years ago Good catch ... that does seem like a bug. You greater than zero logic seems correct. We just want at least one attribute. I'll get this patched up.
dsmrt
commented
4 years ago Fixed in 2.1.4.
We receive a response from ADFS and only have a single attribute in there (the mail address). So this line https://github.com/flipboxfactory/saml-sp/blob/2176913dfdb79e819289c2d19bf61496a80a42c4/src/services/login/User.php#L153 will set
$hasAttributestofalsealthough it has one correct attribute.Because of that
the transform will not take place, https://github.com/flipboxfactory/saml-sp/blob/2176913dfdb79e819289c2d19bf61496a80a42c4/src/services/login/User.php#L155-L157
the correct mail address will be ignored https://github.com/flipboxfactory/saml-sp/blob/2176913dfdb79e819289c2d19bf61496a80a42c4/src/services/login/User.php#L165
and it will end up in 'No attribute statements found! Trying to assign username as the email.', which is odd, because we have the correct mail address already, but it will be ignored. https://github.com/flipboxfactory/saml-sp/blob/2176913dfdb79e819289c2d19bf61496a80a42c4/src/services/login/User.php#L157-L164
When we change the line to
$hasAttributes = count($assertion->getAttributes()) > 0;everything works as expected.From our point of view this seems like a bug (which will work in almost all cases, because nearly all of the cases have more than one attribute) and additionally it reads strange ("If you have ONE attribute, the property hasAttributes is set to false, which leads to the assumption the there is NO attribute").
Could you give us advice on how to handle this problem on our side correct OR how to fix it and why you had decided to always expect more than 1 attribute and fail if there is only one.
Best regards Michael