wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Claims not getting returned in passive STS login #19423

Open Lakshan-Banneheke opened 9 months ago

Lakshan-Banneheke commented 9 months ago

Describe the issue: Requested claims are not getting returned in passive STS login. I have set the application to request email, username, first name and last name. When logging in, the consent is obtained to read those attributes as well, however the claims are not returned and displayed after the login is complete.

Only one claim is received and the claim URI of that is set as http://wso2.org/claim. Given below is a screenshot from the sample application.

Screenshot 2024-02-07 at 1 32 27 PM

I added some debug logs to the sample application to check whether it is an issue in displaying, but it looks like the correct claims are not getting received by the sample app from the IS.

Following is the claim map contained in the request, which is obtained from request.getSession().getAttribute("claimMap"):

{http://wso2.org/claims=Alex}

How to reproduce:

  1. Follow documentation[1] to create a passive STS app and deploy the sample application.
  2. Request user attributes via the User Attributes page of the passive STS application.
  3. Log in to the sample application

[1] https://is.docs.wso2.com/en/next/get-started/try-samples/ws-federation-webapp/

Expected behavior: An accurate claim mapping should occur and the requested claims should be displayed. Given below is the screenshot of the expected result obtained from IS 5.11.0.

Screenshot 2024-02-07 at 1 31 15 PM

Environment information (Please complete the following information; remove any unnecessary fields) :


Thisara-Welmilla commented 9 months ago

In the /passivest request, the claims are returning as follows.

SAML 1.1:

<saml1:Attribute AttributeName="username" AttributeNamespace="http://wso2.org/claims"><saml1:AttributeValue xsi:type="xsd:string">admin</saml1:AttributeValue></saml1:Attribute><saml1:Attribute AttributeName="emailaddress" AttributeNamespace="http://wso2.org/claims"><saml1:AttributeValue xsi:type="xsd:string">thisara@wso2.com</saml1:AttributeValue></saml1:Attribute></saml1

SAML 2.0:

adminthisara@wso2.com

The claim representation in the response was intentionally changed into the above response with https://github.com/wso2/product-is/issues/15565. But the logic that retrieves the claims from the response in the sample app has not been updated accordingly.

As there are no issues to fix in the product-is code base and only the sample app needs to be updated, I am reducing the severity of the issue.

cc: @Yoshani @madurangasiriwardena
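The comment above explains the mismatch: in the SAML 1.1 response the claim URI is split across AttributeNamespace and AttributeName, so a relying party that keys its claim map on only one of those fields collapses every claim onto a single entry, which is exactly the {http://wso2.org/claims=...} map the reporter saw. The following example is added here to illustrate that parsing logic; it is not the sample app's Java code and does not reproduce its actual implementation. It parses a constructed SAML 1.1 assertion modelled on the fragment quoted in the comment (attribute values are placeholders), shows a hypothetical reconstruction of the broken key-by-namespace behaviour beside a correct parser that joins namespace and name, and also handles a constructed SAML 2.0 assertion under the assumption that the 2.0 response uses the standard layout with the full claim URI in Attribute/@Name (the comment does not show the 2.0 tags, so that layout is an assumption).

```python
import xml.etree.ElementTree as ET

SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed SAML 1.1 sample modelled on the fragment quoted in the issue.
# Attribute values are placeholders, not data taken from the issue.
SAML1_SAMPLE = """<saml1:Assertion xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <saml1:AttributeStatement>
    <saml1:Attribute AttributeName="username" AttributeNamespace="http://wso2.org/claims">
      <saml1:AttributeValue xsi:type="xsd:string">admin</saml1:AttributeValue>
    </saml1:Attribute>
    <saml1:Attribute AttributeName="emailaddress" AttributeNamespace="http://wso2.org/claims">
      <saml1:AttributeValue xsi:type="xsd:string">admin@example.com</saml1:AttributeValue>
    </saml1:Attribute>
  </saml1:AttributeStatement>
</saml1:Assertion>"""

# Constructed SAML 2.0 sample. The issue does not show the 2.0 tags, so this
# assumes the standard SAML 2.0 layout: Attribute/@Name holds the full claim URI.
SAML2_SAMPLE = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:AttributeStatement>
    <saml2:Attribute Name="http://wso2.org/claims/username"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
      <saml2:AttributeValue>admin</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="http://wso2.org/claims/emailaddress">
      <saml2:AttributeValue>admin@example.com</saml2:AttributeValue>
      <saml2:AttributeValue>alias@example.com</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""


def _values(attr, ns):
    """Collect the text of every AttributeValue child of one Attribute element."""
    return [v.text or "" for v in attr.findall(f"{{{ns}}}AttributeValue")]


def naive_claim_map(xml_text):
    """Hypothetical reconstruction of the broken behaviour (not the sample app's code):
    keying the map on AttributeNamespace alone collapses every SAML 1.1 claim onto
    one entry, and the last value wins, which matches the symptom in the issue."""
    root = ET.fromstring(xml_text)
    claims = {}
    for attr in root.iter(f"{{{SAML1_NS}}}Attribute"):
        claims[attr.get("AttributeNamespace")] = _values(attr, SAML1_NS)[-1]
    return claims


def claim_map(xml_text):
    """Build {claim URI: [values]} from a SAML 1.1 or SAML 2.0 assertion.

    SAML 1.1 splits the URI into AttributeNamespace + AttributeName, so the key
    is rebuilt by joining them with a single slash. SAML 2.0 carries the whole
    URI in Name. Attributes with no usable name are skipped instead of being
    filed under a guessed key, and multi-valued attributes keep every value.
    """
    root = ET.fromstring(xml_text)
    claims = {}
    for attr in root.iter(f"{{{SAML1_NS}}}Attribute"):
        ns = (attr.get("AttributeNamespace") or "").rstrip("/")
        name = attr.get("AttributeName")
        if not name:
            continue
        uri = f"{ns}/{name}" if ns else name
        claims.setdefault(uri, []).extend(_values(attr, SAML1_NS))
    for attr in root.iter(f"{{{SAML2_NS}}}Attribute"):
        name = attr.get("Name")
        if not name:
            continue
        claims.setdefault(name, []).extend(_values(attr, SAML2_NS))
    return claims


if __name__ == "__main__":
    print("broken (namespace only):", naive_claim_map(SAML1_SAMPLE))
    print("SAML 1.1:", claim_map(SAML1_SAMPLE))
    print("SAML 2.0:", claim_map(SAML2_SAMPLE))
```

The stdlib ElementTree parser is used here only to keep the example self-contained; a real relying party should parse untrusted assertions with a hardened XML parser (for example defusedxml) and read the attribute statement only after the assertion's signature has been verified, otherwise the claim map is trusting whatever the browser posted.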