diff options
| author | Simo Sorce <simo@redhat.com> | 2015-02-16 14:04:49 -0500 |
|---|---|---|
| committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2015-02-24 16:37:38 +0100 |
| commit | 771b8fd095f3bcb922f761d297c62f1a56a997d5 (patch) | |
| tree | a0b588a1135f97abf6ddff141cb461b1fd389685 /ipsilon/providers/saml2 | |
| parent | dd8a2ecf15a7f74e2fe3d8c5ea0ff5e2fed20927 (diff) | |
| download | ipsilon-771b8fd095f3bcb922f761d297c62f1a56a997d5.tar.gz ipsilon-771b8fd095f3bcb922f761d297c62f1a56a997d5.tar.xz ipsilon-771b8fd095f3bcb922f761d297c62f1a56a997d5.zip | |
Prefix userdata hives with _ to avoid conflicts
The main userdata dict contains common attributes, but we add
a sepcial groups list and unmapped extras, as well as indicators
like auth_type.
All these additional attributes are now prefixed by a _ character
so that conflicts with legitimate attributes are improbable.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'ipsilon/providers/saml2')
| -rw-r--r-- | ipsilon/providers/saml2/auth.py | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py index 44ed834..a65b52a 100644 --- a/ipsilon/providers/saml2/auth.py +++ b/ipsilon/providers/saml2/auth.py @@ -210,20 +210,13 @@ class AuthenticateRequest(ProviderPageBase): if not attrstat.attribute: attrstat.attribute = () - attributes = dict() - userattrs = us.get_user_attrs() - for key, value in userattrs.get('userdata', {}).iteritems(): - if type(value) is str: - attributes[key] = value - if 'groups' in userattrs: - attributes['group'] = userattrs['groups'] - for _, info in userattrs.get('extras', {}).iteritems(): - for key, value in info.items(): - attributes[key] = value + attributes = us.get_user_attrs() for key in attributes: values = attributes[key] - if type(values) is not list: + if isinstance(values, dict): + continue + if not isinstance(values, list): values = [values] for value in values: attr = lasso.Saml2Attribute() |