De-duplicate user profile attribute values #2903
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Excellent! Thanks |
|
I just cut the v6.0.3 release. It will show up soon in the Maven central repository. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I've discovered what I think is an issue with deserialization of the
SAML2Profileclass involving theauthnContextsproperty. When it is deserialized, Jackson will populate theauthenticationAttributesmap in the object normally. But when it tries to populate theauthnContextsproperty by calling its setter, it inserts a duplicate value into theauthenticationAttributesmap, as it tries to "merge" the multiple values.As this happens on every read from JSON storage, the
authenticationAttributesmap gets really big really quickly (doubles on every serialization round trip). This causes big issues in my CAS ticket registry storage for a fairly common usagepattern (user logs in to 5 or 6 different services on a single SSO session).
To fix, I made a small change to
BasicUserProfile.mergeCollectionAttributes()which simply deduplicates multiple values from the twoCollections. I'm thinking there's not a use case out there where somebody needs to have duplicate attribute values. I've done some testing in my nonproduction deployments, and it fixes the problem.