The memberof array fix supplied by Gluu ticket 5458 will prevent the memberof field from being updated after the array has been added. This is a critical issue as it will quickly kill efforts to integrate with Vanguards SSO. Since they are having to use extraordinary means to supply us with a memberof attribute.
"This is related to Gluu ticket 5458, and contains customization to handle a very large memberOf attribute." <- from: https://clickfox.atlassian.net/wiki/spaces/DEV/pages/427163652/Gluu+3.1.3+SSO+Setup+Using+Inbound+SAML?focusedCommentId=573636660#comment-573636660
This does not allow users' memberof permissions to be updated; attempted updates fail with:
```
[org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Error in update Attribute setCustomAttribute(): 3rd arg can't be coerced to String
Chris Hood [2:52 PM]
added and commented on this Plain Text snippet: oxauth_script.log on the passport server
2018-06-27 16:45:05,156 INFO [qtp1744347043-15] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - Error in update Attribute setCustomAttribute(): 3rd arg can't be coerced to String
It looks like updates to the user from the IDP are having issues being propagated to the passport server. It adds me correctly, but if my groups are updated on the IDP, the passport server does not get its values updated.
```
I think it's an issue with the custom passport script:
```
else:
foundUserName = foundUser.getUserId()
print("Passport-saml: User Found " + str(foundUserName))
userService = CdiUtil.bean(UserService)
for attributesMappingEntry in self.attributesMapping.entrySet():
remoteAttribute = attributesMappingEntry.getKey()
localAttribute = attributesMappingEntry.getValue()
localAttributeValue = self.getUserValueFromAuth(remoteAttribute, requestParameters)
if ((localAttribute != None) & (localAttributeValue != "undefined") & (
localAttribute != "provider")):
try:
value = foundUser.getAttributeValues(str(localAttribute))[0]
if value != localAttributeValue:
userService.setCustomAttribute(foundUser,localAttribute,localAttributeValue)
userService.updateUser(foundUser)
except Exception, err:
print("Error in update Attribute " + str(err))
userAuthenticated = authenticationService.authenticate(foundUserName)
print("Passport-saml: Is user authenticated = " + str(userAuthenticated))
return True
```
Chris Hood [3:10 PM]
Hahaha, yeah, dumping `value` and `localAttributeValue` returns the following:
```
2018-06-27 17:09:30,628 INFO [qtp1744347043-15] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - cn=CLICKFOX-devapi2-jr,ou=Security Groups,dc=clickfox,dc=net
2018-06-27 17:09:30,629 INFO [qtp1744347043-15] [org.xdi.service.PythonService$PythonLoggerOutputStream] (PythonService.java:239) - array(java.lang.String, [u'cn=CLICKFOX-devapi2-jr,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-qacdh08-jr,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-foxqahdp01-adm,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-qacdh16-jmgr,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-foxqahdp02-adm,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-devcdh17-jmgr,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-fox_uat-adm,ou=Security Groups,dc=clickfox,dc=net', u'cn=devops,cn=Users,dc=clickfox,dc=net', u'inum=@!45EA.002D.8B1D.2656!0001!4259.D2DF!0003!60B7,ou=groups,o=@!45EA.002D.8B1D.2656!0001!4259.D2DF,o=gluu', u'cn=CLICKFOX-devcdh11-ja,ou=Security Groups,dc=clickfox,dc=net', u'cn=Employees,cn=Users,dc=clickfox,dc=net', u'cn=CLICKFOX-devfox01-jr,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-gray-adm,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-qacdh16-jr,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-devcdh03-ja,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-devcdh13-ja,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-qacdh06-jr,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-fox_uat-ja,ou=Security Groups,dc=clickfox,dc=net', u'cn=Engineers,cn=Users,dc=clickfox,dc=net', u'cn=CLICKFOX-gray-ja,ou=Security Groups,dc=clickfox,dc=net', u'cn=Clickfox,ou=TestDev,dc=clickfox,dc=net',u'cn=CLICKFOX-devcdh13-adm,ou=Security Groups,dc=clickfox,dc=net', u'cn=SSLVPN Services,cn=Users,dc=clickfox,dc=net', u'cn=CLICKFOX-devcdh12-adm,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-devcdh17-jr,ou=Security Groups,dc=clickfox,dc=net', u'cn=KnowBe4,cn=Users,dc=clickfox,dc=net', u'cn=CLICKFOX-foxqahdp02-ja,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-devcdh12-jr,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-devcdh02-jr,ou=Security Groups,dc=clickfox,dc=net', u'cn=VPN - Dev,cn=Users,dc=clickfox,dc=net', u'cn=VPN - Tech,cn=Users,dc=clickfox,dc=net', u'cn=CLICKFOX-devcdh11-jr,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-devfox01-ja,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-devcdh03-jr,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-devcdh18-adm,ou=Security Groups,dc=clickfox,dc=net', u'cn=CLICKFOX-devcdh13-jr,ou=Security Groups,dc=clickfox,dc=net', u'cn=Devops Projects,ou=Distribution Lists and Contacts,dc=clickfox,dc=net', u'cn=CLICKFOX-devcdh17-adm,ou=Security Groups,dc=clickfox,dc=net'])
so value will always be `!=` for groups of more than one, but it appears that `userService.setCustomAttribute(foundUser,localAttribute,localAttributeValue)` will not work with an array value
```