FMATTR doesn't work for User Attribute Mapped Experssions

Document ID : KB000004280
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

When generating an Assertion for Federation using a multi-valued attribute, the “FMATTR:” prefix is used to indicate that the following values should be read as a multi-lined value in the assertion, rather than printing it out as a single line of carrot (^) delineated values.

This works for most circumstances, however when combined with a user store defined expression, we see that it is printing it out as a single line of carrot (^) delineated values.

Ex:

Mail attribute setup in the user store with 3 values: test@a.com, test@b.com, test@c.com

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Test Case 1:

Attribute Name: MailA1:

Configured as Alias for the attribute "mail" in user store. Inputted in Federation Assertion Value as "MailA1"

 

Expected results:

Because no FMATTR prefix was included, expected a carrot (^) delinted list of the mail attribute.

 

Actual results:

<ns2:Attribute Name="MailA1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">

<ns2:AttributeValue>test@c.com^test@b.com^test@a.com</ns2:AttributeValue>

</ns2:Attribute>

 

Lack of FMATTR functions correctly on an alias setup in the User Store Attribute Mapping.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Test Case 2:

Attribute Name: MailA2:

Configured as Alias for the attribute "mail" in user store. Inputted in Federation Assertion Value as "FMATTR:MailA2"

 

Expected results:

Because FMATTR prefix was included, expected a list of the mail attribute with each attribute value listed as its own attribute value, rather than one single value.

 

Actual results:

<ns2:Attribute Name="MailA2" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">

<ns2:AttributeValue>test@c.com</ns2:AttributeValue>

<ns2:AttributeValue>test@b.com</ns2:AttributeValue>

<ns2:AttributeValue>test@a.com</ns2:AttributeValue>

</ns2:Attribute>

 

Inclusion of FMATTR prefix functions correctly on an alias setup in the User Store Attribute Mapping

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Test Case 3:

Attribute Name: MailE1

Configured as Expression which prints the list as all caps for the attribute "mail" in user store. Inputted in Federation Assertion Value as "MailE1"

 

Expected results:

Because no FMATTR prefix was included, expected a carrot (^) delinted list of the mail attribute in all caps.

 

Actual results:

<ns2:Attribute Name="MailE1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">

<ns2:AttributeValue>TEST@C.COM^TEST@B.COM^TEST@A.COM</ns2:AttributeValue>

</ns2:Attribute>

 

Lack of FMATTR functions correctly on an expression setup in the User Store Attribute Mapping.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Test Case 4:

Attribute Name: MailE2

Configured as Expression which prints the list as all caps for the attribute "mail" in user store. Inputted in Federation Assertion Value as "FMATTR:MailE2"

 

Expected results:

Because FMATTR prefix was included, expected a list of the mail attribute with each attribute value listed as its own attribute value, rather than one single value.

 

Actual results:

<ns2:Attribute Name="MailE2" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">

<ns2:AttributeValue>TEST@C.COM^TEST@B.COM^TEST@A.COM</ns2:AttributeValue>

</ns2:Attribute>

 

Inclusion of FMATTR prefix does not function correctly on an expression setup in the User Store Attribute Mapping.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Environment:
Applies to all supported environments for the specified releases. Confirmed for 12.52 SP1 up to 12.52 SP1 CR5
Cause:

Code defect

Resolution:

Fixed in 12.6 and 12.52 SP1 CR08

Additional Information:

Resolved with internal Engineering ticket DE198382