3 éve · 56a6133b20
--- a/saml2/saml2-service-provider/src/opensaml3Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
+++ b/saml2/saml2-service-provider/src/opensaml3Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSamlAuthenticationProviderTests.java
@@ -244,6 +244,7 @@ public class OpenSamlAuthenticationProviderTests {
 
				 		expected.put("age", Collections.singletonList(21));
			
 
				 		expected.put("website", Collections.singletonList("https://johndoe.com/"));
			
 
				 		expected.put("registered", Collections.singletonList(true));
			
 
				+		expected.put("role", Arrays.asList("RoleTwo"));
			
 
				 		Instant registeredDate = Instant.ofEpochMilli(DateTime.parse("1970-01-01T00:00:00Z").getMillis());
			
 
				 		expected.put("registeredDate", Collections.singletonList(registeredDate));
			
 
				 		assertThat((String) principal.getFirstAttribute("name")).isEqualTo("John Doe");
			
--- a/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
+++ b/saml2/saml2-service-provider/src/opensaml4Main/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProvider.java
@@ -23,7 +23,6 @@ import java.util.ArrayList;
 
				 import java.util.Collection;
			
 
				 import java.util.Collections;
			
 
				 import java.util.HashMap;
			
 
				-import java.util.LinkedHashMap;
			
 
				 import java.util.List;
			
 
				 import java.util.Map;
			
 
				 import java.util.function.Consumer;
			
@@ -86,6 +85,8 @@ import org.springframework.security.saml2.core.Saml2ResponseValidatorResult;
 
				 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
			
 
				 import org.springframework.util.Assert;
			
 
				 import org.springframework.util.CollectionUtils;
			
 
				+import org.springframework.util.LinkedMultiValueMap;
			
 
				+import org.springframework.util.MultiValueMap;
			
 
				 import org.springframework.util.StringUtils;
			
 
				 
			
 
				 /**
			
@@ -601,7 +602,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
 
				 	}
			
 
				 
			
 
				 	private static Map<String, List<Object>> getAssertionAttributes(Assertion assertion) {
			
 
				-		Map<String, List<Object>> attributeMap = new LinkedHashMap<>();
			
 
				+		MultiValueMap<String, Object> attributeMap = new LinkedMultiValueMap<>();
			
 
				 		for (AttributeStatement attributeStatement : assertion.getAttributeStatements()) {
			
 
				 			for (Attribute attribute : attributeStatement.getAttributes()) {
			
 
				 				List<Object> attributeValues = new ArrayList<>();
			
@@ -611,7 +612,7 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
 
				 						attributeValues.add(attributeValue);
			
 
				 					}
			
 
				 				}
			
 
				-				attributeMap.put(attribute.getName(), attributeValues);
			
 
				+				attributeMap.addAll(attribute.getName(), attributeValues);
			
 
				 			}
			
 
				 		}
			
 
				 		return attributeMap;
			
--- a/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProviderTests.java
+++ b/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProviderTests.java
@@ -245,6 +245,7 @@ public class OpenSaml4AuthenticationProviderTests {
 
				 		expected.put("registered", Collections.singletonList(true));
			
 
				 		Instant registeredDate = Instant.parse("1970-01-01T00:00:00Z");
			
 
				 		expected.put("registeredDate", Collections.singletonList(registeredDate));
			
 
				+		expected.put("role", Arrays.asList("RoleOne", "RoleTwo")); // gh-11042
			
 
				 		assertThat((String) principal.getFirstAttribute("name")).isEqualTo("John Doe");
			
 
				 		assertThat(principal.getAttributes()).isEqualTo(expected);
			
 
				 	}
			
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestOpenSamlObjects.java
@@ -312,6 +312,18 @@ public final class TestOpenSamlObjects {
 
				 		name.setValue("John Doe");
			
 
				 		nameAttr.getAttributeValues().add(name);
			
 
				 		attrStmt1.getAttributes().add(nameAttr);
			
 
				+		Attribute roleOneAttr = attributeBuilder.buildObject(); // gh-11042
			
 
				+		roleOneAttr.setName("role");
			
 
				+		XSString roleOne = new XSStringBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
			
 
				+		roleOne.setValue("RoleOne");
			
 
				+		roleOneAttr.getAttributeValues().add(roleOne);
			
 
				+		attrStmt1.getAttributes().add(roleOneAttr);
			
 
				+		Attribute roleTwoAttr = attributeBuilder.buildObject(); // gh-11042
			
 
				+		roleTwoAttr.setName("role");
			
 
				+		XSString roleTwo = new XSStringBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
			
 
				+		roleTwo.setValue("RoleTwo");
			
 
				+		roleTwoAttr.getAttributeValues().add(roleTwo);
			
 
				+		attrStmt1.getAttributes().add(roleTwoAttr);
			
 
				 		Attribute ageAttr = attributeBuilder.buildObject();
			
 
				 		ageAttr.setName("age");
			
 
				 		XSInteger age = new XSIntegerBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);