问题
To replicate the potential production scenario of an IdP initiated SAML request, I'm trying to set up a local (docker-based) version of OpenAM to serve as an IdP for an application (an SP) that I am developing.
The application is written in Django and is reliant on its ability to resolve groups associated with the user whose identity is being asserted in the SAML response from this IdP.
Specifically, I'd like to receive the names of groups for each user in SAML response in the following format:
<Attribute name="groups">
<AttributeValue>groupOne</AttributeValue>
<AttributeValue>groupTwo</AttributeValue>
<AttributeValue>groupThree</AttributeValue>
<AttributeValue>groupFour</AttributeValue>
</Attribute>
Does OpenAM have an ability to create a multivalue attribute list like that and if so, could someone please point me to the documentation describing how it's done via it's IdP management console (or otherwise).
And, by the way, I've attempted to ask the question on OpenAM IdP Forum, however their system doesn't seem to accept new topics (I'm not seeing my question displayed there, after multiple attempts).
Thank you in advance.
来源:https://stackoverflow.com/questions/50140717/multi-value-attribute-in-openam-idp