Hello,
Within the attribute-resolver.xml file we have a script CDATA section
which is trying to check that a retrieved LDAP entity has a value:
if (typeof extensionAttribute1 != "undefined" && extensionAttribute1 !=
null) {
Unfortunately this doesn't seem to work as expected. The statement is
true for all users, whether they have extensionAttribute1 (EA1) set, or
even in their LDAP entry. Putting a simple print statement beforehand
shows that for all users EA1 is defined, and is not null. So the next
step was to try and check the length of the attribute by adding in:
... && extensionAttribute1.getValues().length > 0
This seems to have made things worse, in that the statement is now
always false! If I change the 'length' check for this:
... && extensionAttribute1 != ""
the statement again becomes true - but again is true for all users, even
if EA1 is not in their LDAP entry.
I am a bit lost as to what is happening here, but I suspect there is
some interaction between Shibboleth, LDAP and the script such that all
the required attributes are initially defined and possibly set to the
null string. This would explain why the original statement was always
true.
However, I am a bit lost as to why the 'length' check is failing, and
the check of "" always returns true. How can that be?
I can see nothing in the log files (for Shibboleth and tomcat) about
this.
Thanks,
John.
--
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK Fax: +44 (0)1752 587001
|