Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add testing for fetching attribute values #1449

Closed
wants to merge 3 commits into from
Closed

Add testing for fetching attribute values #1449

wants to merge 3 commits into from

Conversation

SwapnilShahGit
Copy link

@SwapnilShahGit SwapnilShahGit commented Apr 6, 2024
edited
Loading

This PR adds test cases for reading attributes in a SAML document. Alongside, there is a null check added in the code such that an attribute will not be populated if no value is specified.

@SwapnilShahGit SwapnilShahGit force-pushed the add_attribute_testing branch from aa9f134 to 0fcbc72 Compare April 6, 2024 07:03
@SwapnilShahGit SwapnilShahGit marked this pull request as ready for review April 6, 2024 07:04
@AndersAbel
Copy link
Member

Thanks for the PR. Unfortunately the SAML treatment of attribute values is a bit more complicated. The base part of the spec is section 2.7.3.1.1 in the SAML core spec, which includes how null and empty values are handled.

The TLDR (although I do recommend reading the spec):

  • An empty node <AttributeValue /> represents an empty string.
  • A null value is represented by <AttributeValue xsi:nil=\"1\" /> (1 or true are both allowed)

The SAML Attribute Profiles (section 8, profile spec) contains even more rules, but as the main focus right now is the Web SSO Profile (and possibly Single Logout) I think we can ignore the profile spec for now.

@github-actions github-actions bot closed this May 3, 2024
@AndersAbel AndersAbel reopened this May 3, 2024
@SwapnilShahGit SwapnilShahGit force-pushed the add_attribute_testing branch from 0fcbc72 to 760c155 Compare May 22, 2024 08:36
@SwapnilShahGit SwapnilShahGit force-pushed the add_attribute_testing branch from 3ce93af to bf3c360 Compare May 22, 2024 08:39
AndersAbel
AndersAbel requested changes May 24, 2024
View reviewed changes
src/Sustainsys.Saml2/Xml/XmlTraverser.cs
{
//TODO: Test case + error handling for non text content.
IgnoreChildren();

var nullNodeValue = CurrentNode?.Attributes?.GetNamedItem("xsi:nil")?.Value;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The support for null is specific to attribute values. The Saml Core Spec section 2.7.3.1.1 states that:

If a SAML attribute includes an empty value, such as the empty string, the corresponding
element MUST be empty (generally this is serialized as ).
This overrides the requirement in Section 1.3.1 that string values in SAML content contain at least one
non-whitespace character.
If a SAML attribute includes a "null" value, the corresponding element MUST be
empty and MUST contain the reserved xsi:nil XML attribute with a value of "true" or "1".

Checking 1.3.1 it states that string values must have at least one non-whitespace character.

I think that the correct validation to do in this method is to check that there is indeed at least one character, possibly with an "bool allowEmpty" param. Then the check for xsi:nil can be moved to ReadElements(XmlTraverser source, SamlAttribute attribute).

And btw, the retrieval of the attribute should use the namespace. The prefix xsi is just a common thing to do, it doesn't have to be exactly that prefix.

source.CurrentNode!.Attributes!["nil", XmlSchema.InstanceNamespace]?.Value

@github-actions github-actions bot closed this Jun 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AndersAbel AndersAbel AndersAbel requested changes

Assignees
No one assigned
Labels
no-pr-activity
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@SwapnilShahGit @AndersAbel