Why when i use the attribute_statements, only the first value of array is returned and not the array itself?

[thooams]

I use attribute_statements to map some attributes. But when i map roleIds attribute to roles attribute, only the first result of array is returned whereas the raw values return an array.

Omniauth conf

require 'omniauth'
use OmniAuth::Strategies::SAML,
  assertion_consumer_service_url:  "consumer_service_url",
  issuer:  "issuer",
  idp_sso_target_url: idp_sso_target_url",
  ...
  attribute_statements: { email: ["mail"], roles: ["roleIds"], uid: ["ssoid"] }
  ...

Omiauth callback

<OmniAuth::AuthHash credentials=#<OmniAuth::AuthHash> 
extra=#<OmniAuth::AuthHash raw_info=#<OneLogin::RubySaml::Attributes:0x0000560d750527a0 @attributes={"ssoid"=>["561651"],  "mail"=>["test@test.fr"], "roleIds"=>["g01212476", "g01347089", "g01347094", "g01347103", "g01347105"] } 
...
info=#<OmniAuth::AuthHash::InfoHash email="test@test.fr", uid="561651" roles="g01212476">
...
>

[arvida]

Maybe a bit late 😊

However, I just ran into the same issue where I only got the first value returned. Found a solution in the README for ruby-saml: https://github.com/onelogin/ruby-saml#retrieving-attributes.

Setting OneLogin::RubySaml::Attributes.single_value_compatibility = false makes attribute_statements support multiple values for each attribute.

[SolomonHD]

@arvida Where did you set this option? We're trying to do the same thing but no where we put that statement seems to work.

[arvida]

@SolomonHD We have an initializer file for OmniAuth (config/initializers/omniauth.rb) in our app. I just put the statment first in that file and that looks to do the trick.