NIFI-8709 - added XSAnyImpl in attribute check for group
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes #5164.
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/saml/impl/StandardSAMLService.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/saml/impl/StandardSAMLService.java
index d1a1e97..bbcff0c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/saml/impl/StandardSAMLService.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/saml/impl/StandardSAMLService.java
@@ -36,6 +36,7 @@
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.encryption.DecryptionException;
import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSAnyImpl;
import org.opensaml.xml.validation.ValidationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -375,8 +376,13 @@
final String groupName = valueXSString.getValue();
LOGGER.debug("Found group {} for {}", groupName, userIdentity);
groups.add(groupName);
+ } else if (value instanceof XSAnyImpl) {
+ final XSAnyImpl valueXSAnyImpl = (XSAnyImpl) value;
+ final String groupName = valueXSAnyImpl.getTextContent();
+ LOGGER.debug("Found group {} for {}", groupName, userIdentity);
+ groups.add(groupName);
} else {
- LOGGER.debug("Value was not XSString, but was " + value.getClass().getCanonicalName());
+ LOGGER.debug("Value was not XSString and XSAnyImpl, but was " + value.getClass().getCanonicalName());
}
}
}
