From 1055b7bc810139d1e6ee3c225bcfba7b88e7aeab Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 9 Apr 2015 15:11:39 -0400
Subject: Add test for per-SP allowed and mapping attributes

This buidls up a specific global mapping and allowed attributes then
creates an SP-specific configuration which differs enough to confirm
that it is in fact overriding the default. It finishes by removing the
per-SP configuration and ensuring that it falls back to the IdP-default.

https://fedorahosted.org/ipsilon/ticket/25

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
---
 ipsilon/providers/saml2/auth.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'ipsilon/providers/saml2/auth.py')

diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 12af16b..bdcb9b8 100644
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -226,6 +226,8 @@ class AuthenticateRequest(ProviderPageBase):
             allowed_attributes = provider.allowed_attributes
         else:
             allowed_attributes = self.cfg.default_allowed_attributes
+        self.debug("Allowed attrs: %s" % allowed_attributes)
+        self.debug("Mapping: %s" % attribute_mappings)
         policy = Policy(attribute_mappings, allowed_attributes)
         userattrs = us.get_user_attrs()
         mappedattrs, _ = policy.map_attributes(userattrs)
-- 
cgit