
SEC-2219: OpenId Attribute Exchange does not work with Intuit Provider #2443

Open

Description

@spring-projects-issues

grady cooper (Migrated from SEC-2219) said:

org.springframework.security.openid.OpenID4JavaConsumer::fetchAxAttributes() uses the attribute name to retrieve the attribute values (List values = fetchResp.getAttributeValues(attr.getName());). However, the Intuit OP (which may be a .NET provider) uses an alias scheme (not the attribute name) to provide values. Partial response from the Intuit OP (notice that the "email" attribute's value is named value.alias3, not "email"):

    &openid.ns.alias3=http://openid.net/srv/ax/1.0
    &openid.alias3.mode=fetch_response
    &openid.alias3.type.alias1=http://axschema.org/namePerson/first
    &openid.alias3.value.alias1=First
    &openid.alias3.type.alias2=http://axschema.org/namePerson/last
    &openid.alias3.value.alias2=Last
    &openid.alias3.type.alias3=http://axschema.org/contact/email
    &openid.alias3.value.alias3=<e-mail address elided>

I believe the correct fix is to look up attributes by type (org.openid4java.message.ax.AxPayload::getAttributeValuesByTypeUri(String typeUri)); however, I'm a newbie to OpenID and admittedly don't know all the compatibility issues.

Security configuration for the Intuit OP:

    <b:entry key=".*intuit.com.*">
        <b:list>
            <b:bean class="org.springframework.security.openid.OpenIDAttribute">
                <b:constructor-arg name="name" value="email"/>
                <b:constructor-arg name="type" value="http://axschema.org/contact/email"/>
                <b:property name="required" value="true"/>
            </b:bean>
            <b:bean class="org.springframework.security.openid.OpenIDAttribute">
                <b:constructor-arg name="name" value="firstname"/>
                <b:constructor-arg name="type" value="http://axschema.org/namePerson/first"/>
                <b:property name="required" value="true"/>
            </b:bean>
            <b:bean class="org.springframework.security.openid.OpenIDAttribute">
                <b:constructor-arg name="name" value="lastname"/>
                <b:constructor-arg name="type" value="http://axschema.org/namePerson/last"/>
                <b:property name="required" value="true"/>
            </b:bean>
            <b:bean class="org.springframework.security.openid.OpenIDAttribute">
                <b:constructor-arg name="name" value="realmId"/>
                <b:constructor-arg name="type" value="http://axschema.org/intuit/realmId"/>
                <b:property name="required" value="true"/>
            </b:bean>
        </b:list>
    </b:entry>
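Added example, not code from Spring Security, openid4java or the issue reporter: a stand-alone Python model of the two lookups the report contrasts. It parses an AX fetch_response the way the spec defines it (the OP picks its own alias for the AX extension namespace and for every attribute, so the only stable join key is the type URI), shows that looking values up under the RP's own attribute name returns nothing for the Intuit-style response, and then resolves the configured attributes by type and enforces `required`. The sample response is constructed from the fragment quoted above with a placeholder address; the function names (`values_by_alias`, `values_by_type`, `fetch_attributes`, `_ax_prefix`) are this example's own. It goes slightly beyond the page by also handling the multi-valued `count` form of AX.

```python
from typing import Optional
from urllib.parse import parse_qsl

AX_NS = "http://openid.net/srv/ax/1.0"

# Constructed sample, shaped like the partial Intuit response quoted in the issue.
# The address is a placeholder; the real one is not on the page.
SAMPLE_RESPONSE = (
    "openid.ns.alias3=http://openid.net/srv/ax/1.0"
    "&openid.alias3.mode=fetch_response"
    "&openid.alias3.type.alias1=http://axschema.org/namePerson/first"
    "&openid.alias3.value.alias1=First"
    "&openid.alias3.type.alias2=http://axschema.org/namePerson/last"
    "&openid.alias3.value.alias2=Last"
    "&openid.alias3.type.alias3=http://axschema.org/contact/email"
    "&openid.alias3.value.alias3=user@example.com"
)

# (name, type URI, required), mirroring three of the OpenIDAttribute beans above.
WANTED = [
    ("email", "http://axschema.org/contact/email", True),
    ("firstname", "http://axschema.org/namePerson/first", True),
    ("lastname", "http://axschema.org/namePerson/last", True),
]


def _ax_prefix(params: dict) -> Optional[str]:
    """Return 'openid.<alias>.' for whichever alias the OP bound to the AX namespace.

    The customary alias is 'ax', but the OP may pick any label ('alias3' here), so it
    has to be resolved from openid.ns.* rather than assumed.
    """
    for key, value in params.items():
        if key.startswith("openid.ns.") and value == AX_NS:
            return "openid." + key[len("openid.ns."):] + "."
    return None


def _values_for_alias(params: dict, prefix: str, alias: str) -> list:
    """Collect the values stored under one attribute alias, including the 'count' form."""
    count_key = f"{prefix}count.{alias}"
    if count_key in params:
        # openid.<ext>.count.<alias>=N with openid.<ext>.value.<alias>.1 .. .N
        n = int(params[count_key])
        return [params[f"{prefix}value.{alias}.{i}"] for i in range(1, n + 1)]
    single = params.get(f"{prefix}value.{alias}")
    return [single] if single is not None else []


def values_by_alias(query: str, alias: str) -> list:
    """The lookup the issue reports as broken: values under a fixed attribute alias.

    This is what getAttributeValues(attr.getName()) amounts to. It only works when the
    OP reuses the RP's aliases, which AX does not require.
    """
    params = dict(parse_qsl(query, keep_blank_values=True))
    prefix = _ax_prefix(params)
    if prefix is None:
        return []
    return _values_for_alias(params, prefix, alias)


def values_by_type(query: str) -> dict:
    """The fix the issue proposes: index every returned attribute by its type URI.

    Equivalent to calling getAttributeValuesByTypeUri() per wanted type; the OP-chosen
    aliases are used only to join type.* keys with their value.* keys.
    """
    params = dict(parse_qsl(query, keep_blank_values=True))
    prefix = _ax_prefix(params)
    if prefix is None:
        return {}
    if params.get(f"{prefix}mode") != "fetch_response":
        raise ValueError("AX extension present but mode is not fetch_response")
    by_type: dict = {}
    for key, type_uri in params.items():
        if key.startswith(f"{prefix}type."):
            alias = key[len(f"{prefix}type."):]
            by_type.setdefault(type_uri, []).extend(_values_for_alias(params, prefix, alias))
    return by_type


def fetch_attributes(query: str, wanted=WANTED) -> dict:
    """Resolve the RP's configured attributes by type and enforce 'required'.

    A required attribute the OP did not return is an error, not an empty list; an RP
    should not proceed as if a missing identity attribute were simply optional.
    """
    by_type = values_by_type(query)
    found: dict = {}
    for name, type_uri, required in wanted:
        values = by_type.get(type_uri, [])
        if required and not values:
            raise ValueError(f"required attribute {name!r} ({type_uri}) not returned by OP")
        if values:
            found[name] = values
    return found
```

With the sample above, `values_by_alias(SAMPLE_RESPONSE, "email")` is empty while `values_by_type(SAMPLE_RESPONSE)["http://axschema.org/contact/email"]` holds the address, which is exactly the mismatch the report describes; adding the `realmId` attribute to `WANTED` as required makes `fetch_attributes` raise, since the sample response does not carry it.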

Labels: in: openid (An issue in spring-security-openid), type: bug (A general bug), type: jira (An issue that was migrated from JIRA)