author | Simo Sorce <simo@redhat.com> | 2014-06-16 19:36:03 -0400 |
---|---|---|
committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2014-09-24 20:29:43 +0200 |
commit | e9e517a0385a321f2f42625f739469b79e33ac16 (patch) | |
tree | 7ca7ae1bdd36f95a772b5707d60122c60d48dc3d /ipsilon/providers/saml2 | |
parent | aa7cd3ad8e6d51f51ae46b3a6a15a9021edfa595 (diff) | |
Add support for returning user attributes
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'ipsilon/providers/saml2')
-rwxr-xr-x | ipsilon/providers/saml2/auth.py | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 036ed5e..e35ff13 100755
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -193,7 +193,29 @@ class AuthenticateRequest(ProviderPageBase):
 raise AuthenticationError("Unavailable Name ID type", lasso.SAML2_STATUS_CODE_AUTHN_FAILED)
- # TODO: add user attributes as policy requires from 'usersession'
+ # TODO: filter user attributes as policy requires from 'usersession'
+ if not login.assertion.attributeStatement:
+ attrstat = lasso.Saml2AttributeStatement()
+ login.assertion.attributeStatement = [attrstat]
+ else:
+ attrstat = login.assertion.attributeStatement[0]
+ if not attrstat.attribute:
+ attrstat.attribute = ()
+
+ attributes = us.get_user_attrs()
+ for key in attributes:
+ attr = lasso.Saml2Attribute()
+ attr.name = key
+ attr.nameFormat = lasso.SAML2_ATTRIBUTE_NAME_FORMAT_BASIC
+ value = str(attributes[key]).encode('utf-8')
+ node = lasso.MiscTextNode.newWithString(value)
+ node.textChild = True
+ attrvalue = lasso.Saml2AttributeValue()
+ attrvalue.any = [node]
+ attr.attributeValue = [attrvalue]
+ attrstat.attribute = attrstat.attribute + (attr,)
+
+ self.debug('Assertion: %s' % login.assertion.dump())
 def saml2error(self, login, code, message):
 status = lasso.Samlp2Status() |
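Review bot: The final `self.debug('Assertion: %s' % login.assertion.dump())` writes the complete assertion to the debug log, which now includes every value returned by `us.get_user_attrs()` along with the name identifier; logging only a count, e.g. `self.debug('Added %d attributes to assertion' % len(attributes))`, keeps user data out of log files. Until the filtering named in the TODO exists, the loop releases all session attributes to whichever service provider made the request, so the comment should say so explicitly, e.g. `# NOTE: all user attributes are released to every SP until policy filtering is implemented`. `str(attributes[key]).encode('utf-8')` also looks fragile: assuming this runs on Python 2, a non-ASCII unicode value fails in `str()`, and a list-valued attribute is sent as its Python repr in a single AttributeValue rather than one value per item. The enclosing method starts above the hunk, so where `us` comes from is not visible here.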