PyFF may pick scoped display names over non-scoped ones in the discojson pipe

[enriquepablo]

If an entity metadata includes DisplayName elements within ScopedUIInfo elements, and these precede the DisplayName in the UIInfo element, discojson will produce JSON with the 1st scoped DisplayName element. This will also happen with UI info elements other than DisplayName, e.g. Description.

Code Version

master (2.1.3)

Expected Behavior

The DisplayName in the UIInfo element should be picked

Current Behavior

The DisplayName in the 1st ScopedUIInfo element is picked

Possible Solution

Check ancestors of the DisplayName (and other UI info) elements

Steps to Reproduce

1. Produce metadata for an entity including the XML structure below
2. process it through PyFF to obtain discojson
3. check the DisplayName

  <md:IDPSSODescriptor [...]>
    <md:Extensions>
      <shibmd:Scope regexp="false">81098135.example.org</shibmd:Scope>
      <oaf:ScopedUIInfo scope="81098135.example.org">
        <mdui:DisplayName xml:lang="en">SCOPED</mdui:DisplayName>
      </oaf:ScopedUIInfo>
      <mdui:UIInfo>
        <mdui:DisplayName xml:lang="en">NON SCOPED</mdui:DisplayName>
      </mdui:UIInfo>
      [...]
    </md:Extensions>
    [...]
  </md:IDPSSODescriptor>

[alexstuart]

Hi Enrique, you give a possible solution:

Check ancestors of the DisplayName (and other UI info) elements

I totally agree. mdui:DisplayName is defined in the SAML MDUI spec as part of an mdui:UIInfo element, so you know the semantics of that. OpenAthens' ScopedUIInfo has not, to my knowledge, been standardised and published so IMO you should ignore any mdui:DisplayName in a oaf:ScopedUIInfo container.

[enriquepablo]

Hi Alex, I had not noticed that ScopedUIInfo is an OpenAthens thing, it makes more sense now.