Closed mauromol closed 3 years ago
peppelinux
commented
3 years ago that's something I decided to handle by hand, using -aj parameter with a custom collection of attributes.
I think that this issue could be covered with an automatic selection of attributes to be release, in base of which have been defined in the authn request
thank you @mauromol
mauromol
commented
3 years ago Hi @peppelinux , with 0.9.11 I see that you're returning all the attributes of all the attribute consuming services listed in metadata. However, the expected behaviour is that only the attributes of the attribute consuming service specified in the AuthnRequest (through the AttributeConsumingServiceIndex attribute) are returned.
peppelinux
commented
3 years ago however https://github.com/italia/spid-sp-test/commit/d6141a33f6fb83c52712e8144c582669b8100f7a
gets all the attributes from all the ACS, this MUST be fixed, filtering on top of the ACS defined in the authn request
When producing SAML responses, spid-sp-test seems to always emit all the authenticated subject attributes, disregarding what was requested within the
AuthnRequestby the SP. I would expect it to honour the SP request (unless a specific check should test the SP behaviour otherwise) and perhaps provide some command-line argument to force the addition or removal of other attributes.