diff options
| author | Simo Sorce <simo@redhat.com> | 2015-03-17 13:22:06 -0400 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2015-03-17 20:38:27 -0400 |
| commit | acd6db64e46c8fa5b93c07dc5ff5c5172ddfa4f6 (patch) | |
| tree | 296cbd1b3c5981e4f7a00e411cd6d6803b24cbe4 /ipsilon | |
| parent | 2b9b1190fdca8dc94d0a7d7f5f00d8084f729127 (diff) | |
| download | ipsilon-acd6db64e46c8fa5b93c07dc5ff5c5172ddfa4f6.tar.gz ipsilon-acd6db64e46c8fa5b93c07dc5ff5c5172ddfa4f6.tar.xz ipsilon-acd6db64e46c8fa5b93c07dc5ff5c5172ddfa4f6.zip | |
Properly handle groups info in SAML provider
Also removes internal attributes (any attribute that starts with _
Fixes: https://fedorahosted.org/ipsilon/ticket/71
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>
Diffstat (limited to 'ipsilon')
| -rw-r--r-- | ipsilon/providers/saml2/auth.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py index 95751aa..ddebd8c 100644 --- a/ipsilon/providers/saml2/auth.py +++ b/ipsilon/providers/saml2/auth.py @@ -217,9 +217,15 @@ class AuthenticateRequest(ProviderPageBase): mappedattrs, _ = policy.map_attributes(userattrs) attributes = policy.filter_attributes(mappedattrs) + if '_groups' in attributes and 'groups' not in attributes: + attributes['groups'] = attributes['_groups'] + self.debug("%s's attributes: %s" % (user.name, attributes)) for key in attributes: + # skip internal info + if key[0] == '_': + continue values = attributes[key] if isinstance(values, dict): continue |