author | Rob Crittenden <rcritten@redhat.com> | 2015-04-07 15:34:43 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-04-10 10:38:20 -0400 |
commit | 81ad559af403d4d62f21209d34ba00833e007300 (patch) | |
tree | d7703c5ecbb3f8113d262ed4ec0649f7cacfbc02 /ipsilon/providers/saml2/auth.py | |
parent | 434bffc3b1ab4a74f0f23508e624e7427987aaf8 (diff) | |
Add per-SP attribute mapping and allowed attributes
The per-SP values are considered overrides and the global values
are default.
https://fedorahosted.org/ipsilon/ticket/25
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipsilon/providers/saml2/auth.py')
-rw-r--r-- | ipsilon/providers/saml2/auth.py | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index d895f43..12af16b 100644
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -213,9 +213,20 @@ class AuthenticateRequest(ProviderPageBase):
             raise AuthenticationError("Unavailable Name ID type", lasso.SAML2_STATUS_CODE_AUTHN_FAILED)
-        # Check attribute policy and perform mapping and filtering
-        policy = Policy(self.cfg.default_attribute_mapping,
-                        self.cfg.default_allowed_attributes)
+        # Check attribute policy and perform mapping and filtering.
+        # If the SP has its own mapping or filtering policy use that
+        # instead of the global policy.
+        if (provider.attribute_mappings is not None and
+                len(provider.attribute_mappings) > 0):
+            attribute_mappings = provider.attribute_mappings
+        else:
+            attribute_mappings = self.cfg.default_attribute_mapping
+        if (provider.allowed_attributes is not None and
+                len(provider.allowed_attributes) > 0):
+            allowed_attributes = provider.allowed_attributes
+        else:
+            allowed_attributes = self.cfg.default_allowed_attributes
+        policy = Policy(attribute_mappings, allowed_attributes)
         userattrs = us.get_user_attrs()
         mappedattrs, _ = policy.map_attributes(userattrs)
         attributes = policy.filter_attributes(mappedattrs) |
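Review bot: The `len(provider.allowed_attributes) > 0` test in the second new `if` makes an empty per-SP allow-list indistinguishable from an unset one, so an SP deliberately configured to release no attributes would instead fall back to `self.cfg.default_allowed_attributes` and receive the global set; the same applies to `attribute_mappings` in the first `if`. If "empty means unset" is the intended contract, the two conditions collapse to a truthiness check, `if provider.allowed_attributes:` and `if provider.attribute_mappings:`, which reads the same and avoids the explicit `len()`; if an empty list is meant to be an override that releases nothing, the condition should be `if provider.allowed_attributes is not None:` so only a missing value selects the defaults. Either way the chosen semantics deserve a sentence in the comment, e.g. `# An empty per-SP list is treated as "not configured" and falls back to the global default.` Where `provider` is bound is not visible here, and the enclosing method starts and ends outside the hunk.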