The saml-core-2.0-os specification section 2.7.3 (page 29) requires the <AttributeStatement> element contain one or more <Attribute> or <EncryptedAttribute> elements.
<AttributeStatement>
<Attribute>
<EncryptedAttribute>
But in ipsilon/providers/saml2/auth.py in saml2checks no test is performed to check if there are any attributes before the AttributeStatement is inserted, this can result in an empty <AttributeStatement> element.
Shibboleth checks for this and emits errors when it encounters an empty <AttributeStatement> element.
Fields changed
component: Documentation => SAML owner: => simo
owner: simo => status: new => assigned
owner: => jdennis
milestone: => 1.0 m3
Patch is available in my fedorahosted ipsilon git repo in the topic branch: non-empty-attrs
Essentially the patch just moves the creation of the AttributeStatement and it's population inside an if test that checks for an empty attributes dict.
patch_available: 0 => 1
New patch submitted with changes requested by Simo.
design_link: =>
master: b5730c2
resolution: => fixed status: assigned => closed
rhbz: => 0
Metadata Update from @nkinder: - Issue assigned to jdennis - Issue set to the milestone: 1.0 m3
Login to comment on this ticket.