summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimo Sorce <simo@redhat.com>2015-03-17 13:22:06 -0400
committerSimo Sorce <simo@redhat.com>2015-03-17 20:38:27 -0400
commitacd6db64e46c8fa5b93c07dc5ff5c5172ddfa4f6 (patch)
tree296cbd1b3c5981e4f7a00e411cd6d6803b24cbe4
parent2b9b1190fdca8dc94d0a7d7f5f00d8084f729127 (diff)
downloadipsilon-acd6db64e46c8fa5b93c07dc5ff5c5172ddfa4f6.zip
ipsilon-acd6db64e46c8fa5b93c07dc5ff5c5172ddfa4f6.tar.gz
ipsilon-acd6db64e46c8fa5b93c07dc5ff5c5172ddfa4f6.tar.xz
Properly handle groups info in SAML provider
Also removes internal attributes (any attribute that starts with _ Fixes: https://fedorahosted.org/ipsilon/ticket/71 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Nathan Kinder <nkinder@redhat.com>
-rw-r--r--ipsilon/providers/saml2/auth.py6
1 files changed, 6 insertions, 0 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 95751aa..ddebd8c 100644
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -217,9 +217,15 @@ class AuthenticateRequest(ProviderPageBase):
mappedattrs, _ = policy.map_attributes(userattrs)
attributes = policy.filter_attributes(mappedattrs)
+ if '_groups' in attributes and 'groups' not in attributes:
+ attributes['groups'] = attributes['_groups']
+
self.debug("%s's attributes: %s" % (user.name, attributes))
for key in attributes:
+ # skip internal info
+ if key[0] == '_':
+ continue
values = attributes[key]
if isinstance(values, dict):
continue