Add support for returning user attributes

Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
author: Simo Sorce <simo@redhat.com> 2014-06-16 19:36:03 -0400
committer: Patrick Uiterwijk <puiterwijk@redhat.com> 2014-09-24 20:29:43 +0200
commit: e9e517a0385a321f2f42625f739469b79e33ac16 (patch)
tree: 7ca7ae1bdd36f95a772b5707d60122c60d48dc3d /ipsilon/providers/saml2
parent: aa7cd3ad8e6d51f51ae46b3a6a15a9021edfa595 (diff)
download: ipsilon-e9e517a0385a321f2f42625f739469b79e33ac16.tar.gz
ipsilon-e9e517a0385a321f2f42625f739469b79e33ac16.tar.xz
ipsilon-e9e517a0385a321f2f42625f739469b79e33ac16.zip
1 files changed, 23 insertions, 1 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 036ed5e..e35ff13 100755
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -193,7 +193,29 @@ class AuthenticateRequest(ProviderPageBase):
             raise AuthenticationError("Unavailable Name ID type",
                                       lasso.SAML2_STATUS_CODE_AUTHN_FAILED)
 
-        # TODO: add user attributes as policy requires from 'usersession'
+        # TODO: filter user attributes as policy requires from 'usersession'
+        if not login.assertion.attributeStatement:
+            attrstat = lasso.Saml2AttributeStatement()
+            login.assertion.attributeStatement = [attrstat]
+        else:
+            attrstat = login.assertion.attributeStatement[0]
+        if not attrstat.attribute:
+            attrstat.attribute = ()
+
+        attributes = us.get_user_attrs()
+        for key in attributes:
+            attr = lasso.Saml2Attribute()
+            attr.name = key
+            attr.nameFormat = lasso.SAML2_ATTRIBUTE_NAME_FORMAT_BASIC
+            value = str(attributes[key]).encode('utf-8')
+            node = lasso.MiscTextNode.newWithString(value)
+            node.textChild = True
+            attrvalue = lasso.Saml2AttributeValue()
+            attrvalue.any = [node]
+            attr.attributeValue = [attrvalue]
+            attrstat.attribute = attrstat.attribute + (attr,)
+
+        self.debug('Assertion: %s' % login.assertion.dump())
 
     def saml2error(self, login, code, message):
         status = lasso.Samlp2Status()
author	Simo Sorce <simo@redhat.com>	2014-06-16 19:36:03 -0400
committer	Patrick Uiterwijk <puiterwijk@redhat.com>	2014-09-24 20:29:43 +0200
commit	e9e517a0385a321f2f42625f739469b79e33ac16 (patch)
tree	7ca7ae1bdd36f95a772b5707d60122c60d48dc3d /ipsilon/providers/saml2
parent	aa7cd3ad8e6d51f51ae46b3a6a15a9021edfa595 (diff)
download	ipsilon-e9e517a0385a321f2f42625f739469b79e33ac16.tar.gz ipsilon-e9e517a0385a321f2f42625f739469b79e33ac16.tar.xz ipsilon-e9e517a0385a321f2f42625f739469b79e33ac16.zip