De-duplicate user profile attribute values #2903
Merged
I've discovered what I think is an issue with deserialization of the `SAML2Profile` class involving the `authnContexts` property. When it is deserialized, Jackson will populate the `authenticationAttributes` map in the object normally. But when it tries to populate the `authnContexts` property by calling its setter, it inserts a duplicate value into the `authenticationAttributes` map, as it tries to "merge" the multiple values.

As this happens on every read from JSON storage, the `authenticationAttributes` map gets really big really quickly (doubles on every serialization round trip). This causes big issues in my CAS ticket registry storage for a fairly common usage pattern (user logs in to 5 or 6 different services on a single SSO session).

To fix, I made a small change to `BasicUserProfile.mergeCollectionAttributes()` which simply deduplicates multiple values from the two `Collections`. I'm thinking there's not a use case out there where somebody needs to have duplicate attribute values. I've done some testing in my nonproduction deployments, and it fixes the problem.
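
The growth pattern described above, as an added example that is not part of the original pull request and is not pac4j source code: a simplified model of a deserializer that restores the attribute map and then calls a merging setter with the same values. The class and method names, the map key, the sample values and the use of `LinkedHashSet` for de-duplication are all assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;

// Simplified model of the behaviour described in the pull request; not pac4j source.
public class MergeGrowthDemo {

    // Naive merge: appends the incoming values to whatever is already stored.
    static Collection<Object> mergeAppend(Collection<?> existing, Collection<?> incoming) {
        List<Object> merged = new ArrayList<>(existing);
        merged.addAll(incoming);
        return merged;
    }

    // De-duplicating merge: a LinkedHashSet drops repeats and keeps first-seen order.
    static Collection<Object> mergeDedup(Collection<?> existing, Collection<?> incoming) {
        LinkedHashSet<Object> merged = new LinkedHashSet<>(existing);
        merged.addAll(incoming);
        return new ArrayList<>(merged);
    }

    // One storage round trip: the deserializer first restores the attribute map,
    // then calls the property setter with the same values, which merges them in again.
    static int sizeAfterRoundTrips(int trips, boolean dedup) {
        Map<String, Collection<Object>> attrs = new LinkedHashMap<>();
        attrs.put("authnContexts", new ArrayList<>(List.of("ctx-a", "ctx-b"))); // constructed sample values
        for (int i = 0; i < trips; i++) {
            Collection<Object> restored = new ArrayList<>(attrs.get("authnContexts"));
            Map<String, Collection<Object>> fresh = new LinkedHashMap<>();
            fresh.put("authnContexts", restored);                     // map populated normally
            Collection<Object> viaSetter = new ArrayList<>(restored); // setter receives the same values
            fresh.put("authnContexts", dedup
                    ? mergeDedup(fresh.get("authnContexts"), viaSetter)
                    : mergeAppend(fresh.get("authnContexts"), viaSetter));
            attrs = fresh;
        }
        return attrs.get("authnContexts").size();
    }

    public static void main(String[] args) {
        for (int trips : new int[] {1, 3, 6}) {
            System.out.printf("round trips=%d append=%d dedup=%d%n",
                    trips, sizeAfterRoundTrips(trips, false), sizeAfterRoundTrips(trips, true));
        }
    }
}
```

With the appending merge the stored collection doubles on each round trip, while the de-duplicating merge keeps it at its original size, which is what bounds the serialized profile in a ticket registry.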