SATOSA
Can internal response attributes have empty values?
Hi,
I've come across a setup/configuration where we have internal_response attributes whose value is an empty list. Something like:
{'edupersonorcid': [],
'eppn': ['[email protected]'],
'surname': ['Kakavas']}
The attributes get their value from the ldap_attribute_store microservice (in this example edupersonorcid has no values in LDAP) and the frontend that breaks because of this is the openid_connect plugin, specifically https://github.com/SUNET/SATOSA/blob/d20500117c22f891ca44f7808a1ed6fab70738d7/src/satosa/frontends/openid_connect.py#L118
which raises IndexError: list index out of range as expected.
So the question is:
- Do we make sure that we don't end up with empty lists in our internal_attributes (i.e. fix this in the ldap attribute microservice), or
- Do we make sure our frontends are able to handle this? I'd guess that the saml2 frontend is already more lenient as I know @skoranda has been using the ldap_attribute_store microservice in a saml/saml setup for some time now.
I think it would be good to fix it in both places. I have the ldap_attribute_store.py code open now and can easily fix this.
That'd be great Scott, thanks!
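The two fixes discussed in this thread, as an added example that is not SATOSA code and not from any of the participants: a consumer that indexes into each value list fails on an empty list with the IndexError quoted above, and the failure can be prevented on the producer side, the consumer side, or both. All function names are hypothetical and the sample dict is constructed to match the shape shown in the report.

```python
# Added illustration; function names are hypothetical, not SATOSA APIs.

def naive_claims(internal_attributes):
    """Consumer that assumes every attribute has at least one value."""
    return {name: values[0] for name, values in internal_attributes.items()}


def drop_empty_attributes(internal_attributes):
    """Producer-side fix: never emit an attribute without usable values."""
    cleaned = {}
    for name, values in internal_attributes.items():
        # Treat a missing list, None entries and empty strings as "no value".
        kept = [v for v in (values or []) if v not in (None, "")]
        if kept:
            cleaned[name] = kept
    return cleaned


def tolerant_claims(internal_attributes):
    """Consumer-side fix: skip attributes whose value list is empty."""
    return {
        name: values[0]
        for name, values in internal_attributes.items()
        if values
    }


# Constructed sample shaped like the dict in the report.
SAMPLE = {
    "edupersonorcid": [],
    "eppn": ["user@example.org"],
    "surname": ["Kakavas"],
}


def demo():
    """Return (naive consumer failed?, producer-side result, consumer-side result)."""
    try:
        naive_claims(SAMPLE)
        naive_failed = False
    except IndexError:
        naive_failed = True
    return naive_failed, drop_empty_attributes(SAMPLE), tolerant_claims(SAMPLE)


if __name__ == "__main__":
    print(demo())
```

Applying both keeps one misbehaving attribute source from failing an entire authentication response in a frontend that has not been hardened yet.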