Is there a way to filter/avoid duplicate attribute names in a Keycloak SAML assertion?

2024-03-18

I'm trying to set up SSO with nextcloud (13.0.4) and keycloak (4.0.0.Final) (as SSO/SAML IDP and user management solution), as described in "SSO with SAML, Keycloak and Nextcloud" (https://stackoverflow.com/questions/48400812/sso-with-saml-keycloak-and-nextcloud).

However, when trying to log in to nextcloud with an SSO test user configured in keycloak, nextcloud complains with the following error:

OneLogin_Saml2_ValidationError: Found an Attribute element with duplicated Name

/var/www/html/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Auth.php - line 177: OneLogin_Saml2_Response->getAttributes()
/var/www/html/nextcloud/custom_apps/user_saml/lib/Controller/SAMLController.php - line 219: OneLogin_Saml2_Auth->processResponse('ONELOGIN_1111a8...')
[internal function] OCA\User_SAML\Controller\SAMLController->assertionConsumerService()
/var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 161: call_user_func_array(Array, Array)
/var/www/html/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 91: OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\User_SAML\Controller\SAMLController), 'assertionConsum...')
/var/www/html/nextcloud/lib/private/AppFramework/App.php - line 115: OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\User_SAML\Controller\SAMLController), 'assertionConsum...')
/var/www/html/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php - line 47: OC\AppFramework\App main('OCA\\User_SAML\\C...', 'assertionConsum...', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
[internal function] OC\AppFramework\Routing\RouteActionHandler->__invoke(Array)
/var/www/html/nextcloud/lib/private/Route/Router.php - line 297: call_user_func(Object(OC\AppFramework\Routing\RouteActionHandler), Array)
/var/www/html/nextcloud/lib/base.php - line 999: OC\Route\Router->match('/apps/user_saml...')
/var/www/html/nextcloud/index.php - line 42: OC handleRequest()
{main}

I wonder if there is a way to avoid/filter the duplicate attribute names in keycloak to work around the problem?

I have set up a test docker-compose.yml to show the problem (localhost only, no https, i.e. for testing only).

# Use only for testing the BASE_PATH feature
# An unencrypted nextcloud will be accessible at
# http://localhost/${BASE_PATH}
version: '3.3'
services:
  app:
    image: aanno/nextcloud:13.0.4-apache
    ports: 
        - 8081:80
    container_name: nextcloud-docker-apache
    volumes:
# Attention: Adapt this to your BASE_PATH
#      - ./apps:/var/www/html/nextcloud/custom_apps
#      - ./config:/var/www/html/nextcloud/config
       - ./data:/var/www/html/nextcloud/data
    environment:
        - BASE_PATH=/nextcloud
    networks:
        - bridge
  keycloak_container:
    image: jboss/keycloak
    container_name: keycloak-server
    ports:
      - 8080:8080
    environment:
      - PROXY_ADDRESS_FORWARDING=true
      # defaults to:
      # -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m
      # -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
      #- JAVA_OPTS=-Xmx512m
      - DB_VENDOR=h2
      - KEYCLOAK_USER=admin
      - KEYCLOAK_PASSWORD=admin1234
    networks:
        - bridge

networks:
    bridge:
        external:
            name: app

Keycloak will be available at http://localhost:8080 and Nextcloud at http://localhost:8081/nextcloud. The file can also be found at https://github.com/aanno/nextcloud-docker/blob/tp/set-base-url-2/13.0/apache/test/docker-compose.yml. There you can also find details about the docker image (it is based on the official nextcloud/docker image for 13.0-apache).


Because I also posted this as a bug at https://github.com/nextcloud/user_saml/issues/222, I now know the solution: you have to activate the "Single Role Attribute" switch.

In keycloak 4.0.0.Final, the option is a bit hidden under: (realm) -> Client Scopes -> role_list (saml) -> Mappers tab -> role list -> "Single Role Attribute".
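
The two assertion shapes behind the error and the fix, as an added example that is not part of the original post and not Keycloak or php-saml code: it detects repeated Attribute names in an AttributeStatement and folds them into one multi-valued attribute. The sample XML is constructed, and the attribute name Role and the role values in it are assumptions. The merge only illustrates the shape the service provider accepts; on a real deployment the change belongs in the Keycloak mapper, because editing a signed assertion invalidates its signature.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not captured traffic): one <Attribute> per role,
# the shape that triggers "Found an Attribute element with duplicated Name".
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="Role"><saml:AttributeValue>offline_access</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Role"><saml:AttributeValue>uma_authorization</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="email"><saml:AttributeValue>test@example.org</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>
"""

def duplicate_names(statement):
    """Return the attribute names carried by more than one <Attribute> element."""
    counts = Counter(a.get("Name") for a in statement.findall("saml:Attribute", NS))
    return sorted(name for name, n in counts.items() if n > 1)

def merge_duplicates(statement):
    """Fold same-named attributes into the first occurrence, keeping value order."""
    first = {}
    for attr in statement.findall("saml:Attribute", NS):
        name = attr.get("Name")
        if name in first:
            first[name].extend(attr.findall("saml:AttributeValue", NS))
            statement.remove(attr)
        else:
            first[name] = attr
    return statement

def attributes(statement):
    """Map each attribute name to its list of values."""
    return {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
            for a in statement.findall("saml:Attribute", NS)}

if __name__ == "__main__":
    stmt = ET.fromstring(SAMPLE_STATEMENT)
    print("duplicated names:", duplicate_names(stmt))
    print("after merge:", attributes(merge_duplicates(stmt)))
```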
