The samlSubjectID has a limited set of characters that can make up the uid part of the subjectID. Allowable values include alphanumeric + '-'. As we use the user's UID, we need to ensure all unallowable characters are escaped. For example [email protected] would turn into [email protected].
The code below, provided by Tuakiri, replaces any non-alphanumeric character with '--'. It is split into two parts depending on whether the source value is pre-scoped or not. In our case it will not be scoped, as we are sourcing from the user's UID.
```xml
<AttributeDefinition id="samlSubjectID" xsi:type="ScriptedAttribute" >
    <InputAttributeDefinition ref="{{ idp__saml_subject_id_source }}" />
    <Script>
    <![CDATA[
        var ScopedStringAttributeValue = Java.type("net.shibboleth.idp.attribute.ScopedStringAttributeValue");
        src_attr = {{ idp__saml_subject_id_source }}
        if(src_attr && src_attr.getValues() && src_attr.getValues().size()==1) {
            src = src_attr.getValues().get(0);
            atIndex = src.lastIndexOf('@')
            // only proceed if @ is neither at the start or at the end
{% if idp__saml_subject_id_source_is_scoped %}
            uidPart = ''
            scope = ''
            if ( atIndex>0 && (atIndex < src.length -1) ) {
                uidPart = src.substring(0, atIndex)
                scope = src.substring(atIndex+1)
            }
{% else %}
            uidPart = src
            scope = '%{idp.scope}'
{% endif %}
            if (uidPart != '' && scope != '') {
                res = '';
                for ( i = 0; i < uidPart.length; i++ ) {
                    if ( /^[A-Za-z0-9]$/.test(src[i]) ) {
                        res += src[i];
                    } else {
                        res += '-' + src.charCodeAt(i).toString(16) + '-';
                    }
                }
                samlSubjectID.getValues().add(new ScopedStringAttributeValue(res, scope));
            }
        }
    ]]>
    </Script>
</AttributeDefinition>
```
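A stand-alone model of the escaping loop above, added here as an example and not part of the issue or of Tuakiri's code. It shows that escaping `-` itself keeps the mapping reversible (two different UIDs cannot collide on one subject ID) and flags UIDs whose escaped form would still be rejected. The function names, the sample UIDs and the `UNIQUE_ID` pattern (leading alphanumeric, at most 127 characters of alphanumerics, `=` and `-`) are assumptions, not values from the issue.

```javascript
// Added example: plain JavaScript model of the escaping loop, no IdP classes involved.
// Assumed grammar for the unique-ID part: leading alphanumeric, max 127 characters.
const UNIQUE_ID = /^[A-Za-z0-9][A-Za-z0-9=-]{0,126}$/;

// Same rule as the script: keep [A-Za-z0-9], replace anything else with -<hex code unit>-.
function escapeUid(uid) {
  let res = '';
  for (let i = 0; i < uid.length; i++) {
    const ch = uid[i];
    res += /^[A-Za-z0-9]$/.test(ch) ? ch : '-' + uid.charCodeAt(i).toString(16) + '-';
  }
  return res;
}

// Inverse mapping. It exists because '-' is itself escaped (as -2d-), so every
// '-' in the output is a delimiter and never literal data.
function unescapeUid(escaped) {
  return escaped.replace(/-([0-9a-f]+)-/g,
    (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// Checks worth running over a directory export before releasing the attribute.
function checkUid(uid) {
  const escaped = escapeUid(uid);
  const problems = [];
  if (!UNIQUE_ID.test(escaped)) {
    problems.push('escaped value is not a valid unique ID (length or leading character)');
  }
  if (unescapeUid(escaped) !== uid) problems.push('escape is not reversible');
  return { escaped, problems };
}

// Constructed sample UIDs, not taken from the issue.
const samples = ['jsmith', 'j.smith', 'j-smith', 'j_smith', '.hidden', 'x'.repeat(128)];
for (const uid of samples) {
  const { escaped, problems } = checkUid(uid);
  console.log(uid.slice(0, 12), '->', escaped.slice(0, 20), '|', problems.join('; ') || 'ok');
}
```

A UID that starts with a non-alphanumeric character, or whose escaped form grows past the length limit, passes through the script unchanged in shape, so it is worth catching at the source rather than at the relying party.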