-
Type:
Defect
-
Resolution: Done
-
Priority:
Major
-
Affects Version/s: None
-
Component/s: Authorization
-
None
This is something that cropped up during the preparation of the Security ICD. We added example call/responses for the various services taken direct from output from the system. The SAML Attribute Service client AttributeQuery call example had a bug in the setting of the 'GroupRole' type:
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="GroupRole" Name="urn:esg:group:role" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- The NameFormat should be "groupRole" not string type. It should be:
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="GroupRole" Name="urn:esg:group:role" NameFormat="groupRole"/>
^^^^^^^^^^^
I think this example is from the Gateway code (sorry can't be sure). Could this be checked out?
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="GroupRole" Name="urn:esg:group:role" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- The NameFormat should be "groupRole" not string type. It should be:
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="GroupRole" Name="urn:esg:group:role" NameFormat="groupRole"/>
^^^^^^^^^^^
I think this example is from the Gateway code (sorry can't be sure). Could this be checked out?