String attribute type incompatibility in Scripted attributes on Java7
Won't Fix
Description fields
Basics
Technical
Logistics
Basics
Technical
Logistics
Description
In a scripted attribute definition, under Java7, string concatenation may return return a sun.org.mozilla.javascript.ConsString instead of a java.lang.String
This then results into the resolver reporting:
2016-10-18 16:08:26,362 - ERROR [net.shibboleth.idp.profile.impl.ResolveAttributes:257] - Profile Action ResolveAttributes: Error resolving attributes
net.shibboleth.idp.attribute.resolver.ResolutionException: Attribute Definition 'eduPersonEntitlement': scripted attribute 'eduPersonEntitlement': added element must be a String or AttributeValue, provided = class sun.org.mozilla.javascript.ConsString
at net.shibboleth.idp.attribute.resolver.ad.impl.ScriptedIdPAttributeImpl.policeValueType(ScriptedIdPAttributeImpl.java:176)
Note that this only happens when the value is assigned to a separate variable and will not happen when the value is passed directly.
This still can be worked around by wrapping the value as a StringAttributeValue:
importPackage(Packages.net.shibboleth.idp.attribute)
a = "urn:mace:dir:entitlement:"
b = "common-lib-terms"
value = a+b
eduPersonEntitlement.getValues().add(new StringAttributeValue(value));
In a scripted attribute definition, under Java7, string concatenation may return return a
sun.org.mozilla.javascript.ConsStringinstead of ajava.lang.StringThis then results into the resolver reporting:
2016-10-18 16:08:26,362 - ERROR [net.shibboleth.idp.profile.impl.ResolveAttributes:257] - Profile Action ResolveAttributes: Error resolving attributes net.shibboleth.idp.attribute.resolver.ResolutionException: Attribute Definition 'eduPersonEntitlement': scripted attribute 'eduPersonEntitlement': added element must be a String or AttributeValue, provided = class sun.org.mozilla.javascript.ConsString at net.shibboleth.idp.attribute.resolver.ad.impl.ScriptedIdPAttributeImpl.policeValueType(ScriptedIdPAttributeImpl.java:176)The simplest form to reproduce this is:
<resolver:AttributeDefinition xsi:type="ad:Script" id="eduPersonEntitlement" sourceAttributeID="eduPersonEntitlement"> <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:eduPersonEntitlement" encodeType="false" /> <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" encodeType="false" /> <ad:Script> <![CDATA[ a = "urn:mace:dir:entitlement:" b = "common-lib-terms" value = a+b eduPersonEntitlement.getValues().add(value); //eduPersonEntitlement.getValues().add(a+b); ]]> </ad:Script> </resolver:AttributeDefinition>Note that this only happens when the value is assigned to a separate variable and will not happen when the value is passed directly.
This still can be worked around by wrapping the value as a StringAttributeValue:
importPackage(Packages.net.shibboleth.idp.attribute) a = "urn:mace:dir:entitlement:" b = "common-lib-terms" value = a+b eduPersonEntitlement.getValues().add(new StringAttributeValue(value));Given this is all Java7/Rhino specific, and has an easy workaround, this might be fixed just at Documentation level - including a warning at https://wiki.shibboleth.net/confluence/display/IDP30/ScriptedAttributeDefinition
Just thought this would be worth reporting....
Cheers,
Vlad