By: Mitch Trahan user 12 Oct 2017 at 3:26 p.m. CDT

11 Responses
Mitch Trahan gravatar
Hello, I am having an issue with multivalue attributes. Namely, I have a scope for the memberOf attribute (although I've tried creating a custom multivalue attribute with the same result) with multiple values assigned but it appears that I only ever get one of the assigned values back in my id_tokens. Log: 2017-10-12 19:39:32,037 INFO [org.xdi.oxauth.service.AuthenticationService] Attempting to redirect user: SessionUser: SessionState, dn='uniqueIdentifier=d2b8bc85-c179-49c7-8672-6f6ab8b952f8,ou=session,o=@!1E3A.BA67.71DF.3402!0001!7FE4.7E1E,o=gluu', id='d2b8bc85-c179-49c7-8672-6f6ab8b952f8', isJwt=false, lastUsedAt=Thu Oct 12 19:39:32 UTC 2017, userDn='inum=@!1E3A.BA67.71DF.3402!0001!7FE4.7E1E!0000!D3D1.C88B,ou=people,o=@!1E3A.BA67.71DF.3402!0001!7FE4.7E1E,o=gluu', authenticationTime=Thu Oct 12 19:39:32 UTC 2017, state=authenticated, permissionGranted=null, permissionGrantedMap=null, sessionAttributes={scope=openid profile user_name groups test, response_type=token id_token, redirect_uri=https://localhost:44303/client/src/, nonce=9b81fc4a-96a1-fa8f-b409-81d557391132, remote_ip=192.168.50.76, state=52802004-a8de-20fd-44a1-7d98574f580e, auth_step=1, client_id=@!1E3A.BA67.71DF.3402!0001!7FE4.7E1E!0008!B54A.F7BE, acr=internal, auth_user=gluu_user}, persisted=true} 2017-10-12 19:39:32,039 INFO [org.xdi.oxauth.service.AuthenticationService] Attempting to redirect user: User: org.xdi.oxauth.model.common.User@462bb0cb 2017-10-12 19:39:32,055 INFO [org.xdi.oxauth.auth.Authenticator] Authentication success for User: 'gluu_user' Is this a known issue or is there any solution for it? Thanks

By Aliaksandr Samuseu staff 12 Oct 2017 at 3:46 p.m. CDT

Aliaksandr Samuseu gravatar
There is a known issue about multi-valued attributes being returned as a single string from userinfo. Like, `"customTest": "[xcvsdgsdsdxcvxcvcxv, sfgsdsdcbvbcvb]"` instead of `"customTest": ["xcvsdgsdsdxcvxcvcxv", "sfgsdsdcbvbcvb"]`. Unless it's something like this, it's a new one.

By Aliaksandr Samuseu staff 12 Oct 2017 at 3:48 p.m. CDT

Aliaksandr Samuseu gravatar
Could you share an example of one of yours id_tokens, perhaps? Also, please provide screenshots of this attribute's page with all its settings.

By Mitch Trahan user 12 Oct 2017 at 3:53 p.m. CDT

Mitch Trahan gravatar
Hello, thank you for your help. Here are a couple of screenshots: [https://imgur.com/a/aG5bl](https://imgur.com/a/aG5bl) Here's an example id_token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2F1dGguYXVzdGNvLmxvY2FsIiwiYXVkIjoiQCExRTNBLkJBNjcuNzFERi4zNDAyITAwMDEhN0ZFNC43RTFFITAwMDghQjU0QS5GN0JFIiwiZXhwIjoxNTA3OTAxOTcyLCJpYXQiOjE1MDc4MzcxNzIsIm5vbmNlIjoiOWI4MWZjNGEtOTZhMS1mYThmLWI0MDktODFkNTU3MzkxMTMyIiwiYXV0aF90aW1lIjoxNTA3ODM3MTcyLCJhdF9oYXNoIjoiWVVIQTlTSlRjQVJqQ3pQb0cwOXp6USIsIm94VmFsaWRhdGlvblVSSSI6Imh0dHBzOi8vYXV0aC5hdXN0Y28ubG9jYWwvb3hhdXRoL29waWZyYW1lIiwib3hPcGVuSURDb25uZWN0VmVyc2lvbiI6Im9wZW5pZGNvbm5lY3QtMS4wIiwidXNlcl9uYW1lIjoiZ2x1dV91c2VyIiwidGVzdCI6InRlc3QxIiwiaW51bSI6IkAhMUUzQS5CQTY3LjcxREYuMzQwMiEwMDAxITdGRTQuN0UxRSEwMDAwIUQzRDEuQzg4QiIsImdyb3VwcyI6ImludW09QCExRTNBLkJBNjcuNzFERi4zNDAyITAwMDEhN0ZFNC43RTFFITAwMDMhMzAxNC42QUQyLG91PWdyb3VwcyxvPUAhMUUzQS5CQTY3LjcxREYuMzQwMiEwMDAxITdGRTQuN0UxRSxvPWdsdXUiLCJuYW1lIjoiZ2x1dSB1c2VyIiwiZmFtaWx5X25hbWUiOiJ1c2VyIiwiZ2l2ZW5fbmFtZSI6ImdsdXUiLCJzdWIiOiJTeEhybVFFWEZIdFgzSkhObmtJUzJFZzAydWRpWU5WcURBSF9wM1dma2NrIn0.cIBuTwZLO8G4NV5TF71g6W1D5YuqQqiluKPWmYQTIAU

By Michael Schwartz Account Admin 12 Oct 2017 at 4:17 p.m. CDT

Michael Schwartz gravatar
He's only getting back one group: ``` "groups": "inum=@!1E3A.BA67.71DF.3402!0001!7FE4.7E1E!0003!3014.6AD2,ou=groups,o=@!1E3A.BA67.71DF.3402!0001!7FE4.7E1E,o=gluu" ``` Can you upgrade to [version 3.1.1](https://gluu.org/docs/ce/3.1.1/) There might already be a fix for this.

By Mitch Trahan user 12 Oct 2017 at 4:19 p.m. CDT

Mitch Trahan gravatar
Not easily, but if there's nothing else I suppose that's our next step. Thanks

By Michael Schwartz Account Admin 12 Oct 2017 at 4:39 p.m. CDT

Michael Schwartz gravatar
Recommended anyway for security. I see you are a healthcare company.

By William Lowe user 12 Oct 2017 at 4:45 p.m. CDT

William Lowe gravatar
Upgrade docs for 2.4.4 to 3.1.1 can be found [here](https://gluu.org/docs/ce/upgrade/#upgrade-from-2xx-to-311). Thanks, Will

By Aliaksandr Samuseu staff 12 Oct 2017 at 9:32 p.m. CDT

Aliaksandr Samuseu gravatar
I've committed a test in the latest 3.1.1 package, and it's the same for multi-valued claims returned in id_token there. Yet from userinfo all values are returned (though still as a single string). I'll report it on github. **Edit:** Done [link](https://github.com/GluuFederation/oxAuth/issues/670)

By Aliaksandr Samuseu staff 13 Oct 2017 at 5:17 p.m. CDT

Aliaksandr Samuseu gravatar
I'm closing the ticket, Mitch. You can track issue's status on github.

By Mitch Trahan user 20 Oct 2017 at 9:58 a.m. CDT

Mitch Trahan gravatar
Thanks for the response. What's the chance of this patch being applied to version 2.x?

By William Lowe user 20 Oct 2017 at 10 a.m. CDT

William Lowe gravatar
Hi Mitch, We would do it if a customer requests it. Otherwise probably not too likely. Thanks, Will