#61 Ipsilon sends empty AttributeStatement, violates specification
Closed: Fixed None Opened 5 years ago by jdennis.

The saml-core-2.0-os specification section 2.7.3 (page 29) requires the <AttributeStatement> element contain one or more <Attribute> or <EncryptedAttribute> elements.

But in ipsilon/providers/saml2/auth.py in saml2checks no test is performed to check if there are any attributes before the AttributeStatement is inserted, this can result in an empty <AttributeStatement> element.

Shibboleth checks for this and emits errors when it encounters an empty <AttributeStatement> element.

Fields changed

component: Documentation => SAML
owner: => simo

Fields changed

owner: simo =>
status: new => assigned

Fields changed

owner: => jdennis

Fields changed

milestone: => 1.0 m3

Patch is available in my fedorahosted ipsilon git repo in the topic branch: non-empty-attrs

Essentially the patch just moves the creation of the AttributeStatement and it's population inside an if test that checks for an empty attributes dict.

patch_available: 0 => 1

New patch submitted with changes requested by Simo.

design_link: =>

master: b5730c2

resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

Metadata Update from @nkinder:
- Issue assigned to jdennis
- Issue set to the milestone: 1.0 m3

3 years ago

Login to comment on this ticket.