Menu
▾
▴
Re: [Unity-idm-discuss] change attribute value type error
|
From: Sander A. <sa....@fz...> - 2016-11-09 14:57:36
|
Hi Krzysztof,
I copied the attribute values with REST API to a new one. After updating registration forms, translation profiles and config to the new attribute I found some problems or maybe bugs.
1) The old attribute named email and the new attribute named mail are stored in Unity. The following output translation profile is used for SPs:
Condition: true
Action: createAttribute
attributeName: email
expression: attr['mail']
If this translation profile is used, Unity ignores the expression and send the value of the attribute "email" to the client. If there is no attribute named email, the expression works.
2) SAML clients can't use verifiableEmail attributes. I got an error from an SAML client because Unity sends within the response the following status:
<urn:Status>
<urn:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder" />
<urn:StatusMessage>pl.edu.icm.unity.types.basic.VerifiableEmail cannot be cast to java.lang.String</urn:StatusMessage>
</urn:Status>
So it seems that Unity can't cast the VerifiableEmail attribute in SAML context. For Oauth it works fine. Very bad is that unity logfiles has no errors. If I have a look in it, it seems that everything was fine.
3) In input translation profiles we use effect = CREATE_OR_UPDATE for attribute mapping. If you use this effect for verifiableEmail the user receives a confirmation email after every login (although the email address was confirmed). I would expect that it is send once at registration and a new confirmation mail is send if the email address has changed.
Do you know this problems?
Best regards,
Sander
Am Freitag, den 21.10.2016, 11:17 +0200 schrieb Krzysztof Benedyczak:
Hi Sander,
W dniu 20.10.2016 o 12:44, Sander Apweiler pisze:
Hi,
I want to change the value type of email attribute from string into
verifiableEmail. When I submit the changes I got an error that at least
one attribute is in conflict with it. The stack trace from log file is
attached. Has anyone a hint for me?
Unfortunately this direction is not easy. verifiableEmail holds a
complex information as attribute values. Usually you see only the sole
email value, but it is also stored whether it was confirmed, when, how
many confirmation requests were sent. Therefore simple upcasting of
String to vEmail won't work.
One approach would be to create a new verifiableEmail-type attribute and
use REST API to transform. It should be also possible to create a JSON
dump, tweak it and reimport, but this is really fragile operation,
requiring good testing on a test instance...
If you don't mind waiting you can open a ticket for this - we can
implement better special handling for attribute type changes: if the
current approach of basic type cast does not work, we can try to perform
export to text representation and parse it. Of course such fallback can
loose some information but should work in the typical cases.
Best,
Krzysztof
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
|
