Skip to Content.
Sympa Menu

mace-opensaml-users - RE: subject is omitted in saml response with multiple statements in an assertion

Subject: OpenSAML user discussion

List archive

RE: subject is omitted in saml response with multiple statements in an assertion


Chronological Thread 
  • From: Scott Cantor <>
  • To: , 'saml' <>
  • Subject: RE: subject is omitted in saml response with multiple statements in an assertion
  • Date: Tue, 18 Mar 2003 14:11:53 -0500
  • Importance: Normal
  • Organization: The Ohio State University
> when returing a SAMLResponse containing
> * one SAMLAssertion containing
> * one SAMLAuthenticationStatement containing
> * one SAMLSubject
> * one SAMLAttributeStatement containing
> * the same SAMLSubject as before
> * many SAMLAttributes
> the subject is retained in the SAMLAttributeStatement
> but is omitted from the SAMLAuthenticationStatement.

My guess is it's a bug/quirk in the way the subject is being given to the
statements. It probably should work if you clone the
subject so that a different object is handed to both statements. I'll have to
see what the obvious fix is, if there is one.

Can you verify that that's what you're doing in the code?

SAMLSubject sub=new SAMLSubject(...)
SAMLAuthenticationStatement s1=new (sub...)
SAMLAttributeStatement s2=new (sub...)

If you make the second one (SAMLSubject)sub.clone() it should work around it.

-- Scott

---------------------------------------------------mace-opensaml-users-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at

http://archives.internet2.edu/

---------------------------------------------------mace-opensaml-users--


Archive powered by MHonArc 2.6.16.

Top of Page