When systemuser, remove all other claims from PDP call

Altinn · Nov 21, 2024 · 507201e · 507201e
1 parent 14cf1c2
commit 507201e
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/src/Altinn.Common.PEP/Altinn.Common.PEP/Altinn.Common.PEP.csproj b/src/Altinn.Common.PEP/Altinn.Common.PEP/Altinn.Common.PEP.csproj
@@ -8,7 +8,7 @@
     <IsPackable>true</IsPackable>
     <!-- NuGet package properties -->
     <PackageId>Altinn.Common.PEP</PackageId>
-    <Version>4.1.0</Version>
+    <Version>4.1.1</Version>
     <PackageTags>Altinn;Studio;Authorization;Policy;Enforcement;Point</PackageTags>
     <Description>
 		Policy Enforcement Point for Attribute-based authorization using Altinn.Authorization.ABAC in ASP.Net apps.

diff --git a/src/Altinn.Common.PEP/Altinn.Common.PEP/Helpers/DecisionHelper.cs b/src/Altinn.Common.PEP/Altinn.Common.PEP/Helpers/DecisionHelper.cs
@@ -250,6 +250,8 @@ private static List<XacmlJsonAttribute> CreateSubjectAttributes(IEnumerable<Clai
             }
             else if (systemUserAttribute != null)
             {
+                // If we have a system user we only add that. No other attributes allowed by PDP
+                attributes.Clear();
                 attributes.Add(systemUserAttribute);
             }
             else if (legacyOrganizationNumberAttibute != null)