author | Simo Sorce <simo@redhat.com> | 2014-06-16 19:36:03 -0400 |
committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2014-09-24 20:29:43 +0200 |
commit | e9e517a0385a321f2f42625f739469b79e33ac16 (patch) | |
tree | 7ca7ae1bdd36f95a772b5707d60122c60d48dc3d /ipsilon | |
parent | aa7cd3ad8e6d51f51ae46b3a6a15a9021edfa595 (diff) | |
Add support for returning user attributes
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'ipsilon')
-rwxr-xr-x | ipsilon/login/common.py | 14 | ||||
-rwxr-xr-x | ipsilon/providers/saml2/auth.py | 24 |
2 files changed, 37 insertions, 1 deletions
diff --git a/ipsilon/login/common.py b/ipsilon/login/common.py
index 9dbcc0f..7fb1342 100755
--- a/ipsilon/login/common.py
+++ b/ipsilon/login/common.py
@@ -22,6 +22,7 @@ from ipsilon.util.page import Page
 from ipsilon.util.user import UserSession
 from ipsilon.util.plugin import PluginLoader, PluginObject
 from ipsilon.util.plugin import PluginInstaller
+from ipsilon.info.common import Info
 import cherrypy
@@ -34,6 +35,7 @@ class LoginManagerBase(PluginObject, Log):
         super(LoginManagerBase, self).__init__()
         self.path = '/'
         self.next_login = None
+        self.info = None
     def redirect_to_path(self, path):
         base = cherrypy.config.get('base.mount', "")
@@ -47,6 +49,14 @@ class LoginManagerBase(PluginObject, Log):
         if not ref:
             ref = cherrypy.config.get('base.mount', "") + '/'
+        if self.info:
+            userattrs = self.info.get_user_attrs(username)
+            if userdata:
+                userdata.update(userattrs or {})
+            else:
+                userdata = userattrs
+            self.debug("User %s attributes: %s" % (username, repr(userdata)))
+
         if auth_type:
             if userdata:
                 userdata.update({'auth_type': auth_type})
@@ -114,6 +124,9 @@ class LoginManagerBase(PluginObject, Log):
         plugins['enabled'].append(self)
         self._debug('Login plugin enabled: %s' % self.name)
+        # Get handle of the info plugin
+        self.info = root.info
+
     def disable(self, site):
         plugins = site[FACILITY]
         if self not in plugins['enabled']:
@@ -193,6 +206,7 @@ class Login(Page):
     def __init__(self, *args, **kwargs):
         super(Login, self).__init__(*args, **kwargs)
         self.first_login = None
+        self.info = Info()
         loader = PluginLoader(Login, FACILITY, 'LoginManager')
         self._site[FACILITY] = loader.get_plugin_data()
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 036ed5e..e35ff13 100755
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
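Review bot: In the `if self.info:` block of the @@ -47 hunk, `userdata.update(userattrs or {})` lets values returned by the info plugin silently overwrite keys the login plugin had already placed in `userdata`, and nothing in the hunk records that this precedence is intended. A one-line comment would settle it: `# info-plugin attributes take precedence over authenticator-supplied userdata`. The following `self.debug("User %s attributes: %s" % (username, repr(userdata)))` then writes every merged attribute into the debug log, so whatever personal data the info plugin returns ends up in log files whenever debug output is enabled; logging `sorted(userdata)` (the key names) would keep the diagnostic without the values. The enclosing method, where `username` and `userdata` are bound, starts outside the hunk.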
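Review bot: `self.info = root.info` in the @@ -114 hunk assumes `root` always carries an `info` attribute, but only `Login.__init__` (the @@ -206 hunk) is shown to set one, so a login manager enabled under any other root page would raise AttributeError at this line. `self.info = getattr(root, 'info', None)` keeps the `if self.info:` guard in the attribute-merge path meaningful instead of unreachable. `disable()` just below never clears the handle, so adding `self.info = None` there would mirror the reset done in `__init__` (@@ -34 hunk). The enclosing method, presumably the plugin's enable hook, begins outside the hunk, so where `root` comes from cannot be confirmed here.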
@@ -193,7 +193,29 @@ class AuthenticateRequest(ProviderPageBase):
             raise AuthenticationError("Unavailable Name ID type", lasso.SAML2_STATUS_CODE_AUTHN_FAILED)
-        # TODO: add user attributes as policy requires from 'usersession'
+        # TODO: filter user attributes as policy requires from 'usersession'
+        if not login.assertion.attributeStatement:
+            attrstat = lasso.Saml2AttributeStatement()
+            login.assertion.attributeStatement = [attrstat]
+        else:
+            attrstat = login.assertion.attributeStatement[0]
+        if not attrstat.attribute:
+            attrstat.attribute = ()
+
+        attributes = us.get_user_attrs()
+        for key in attributes:
+            attr = lasso.Saml2Attribute()
+            attr.name = key
+            attr.nameFormat = lasso.SAML2_ATTRIBUTE_NAME_FORMAT_BASIC
+            value = str(attributes[key]).encode('utf-8')
+            node = lasso.MiscTextNode.newWithString(value)
+            node.textChild = True
+            attrvalue = lasso.Saml2AttributeValue()
+            attrvalue.any = [node]
+            attr.attributeValue = [attrvalue]
+            attrstat.attribute = attrstat.attribute + (attr,)
+
+        self.debug('Assertion: %s' % login.assertion.dump())
     def saml2error(self, login, code, message):
         status = lasso.Samlp2Status()
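Review bot: `value = str(attributes[key]).encode('utf-8')` in the attribute loop flattens each attribute into a single text node, so a multi-valued attribute (a list or tuple coming back from the info plugin) is emitted as the Python repr of the container instead of as several AttributeValue elements, and if this code runs under Python 2 a unicode value with non-ASCII characters makes `str()` raise UnicodeEncodeError before the assertion is built. Building one `Saml2AttributeValue` per element, as sketched below, fixes the first problem (assuming lasso accepts a list of several values in `attributeValue`, as it already accepts a list of one); the conversion step still needs a unicode-aware replacement for `str()`. As the retained TODO states, no per-SP filtering exists yet, so every attribute the info plugin returns is released to any requesting SP, and `self.debug('Assertion: %s' % login.assertion.dump())` copies the complete assertion, attributes included, into the debug log. The enclosing method starts outside the hunk, so where `us` and `login` are bound cannot be checked here.
```python
        attributes = us.get_user_attrs()
        for key in attributes:
            attr = lasso.Saml2Attribute()
            attr.name = key
            attr.nameFormat = lasso.SAML2_ATTRIBUTE_NAME_FORMAT_BASIC
            raw = attributes[key]
            # multi-valued attributes become one AttributeValue per element
            values = raw if isinstance(raw, (list, tuple)) else [raw]
            attrvalues = []
            for value in values:
                node = lasso.MiscTextNode.newWithString(
                    str(value).encode('utf-8'))
                node.textChild = True
                attrvalue = lasso.Saml2AttributeValue()
                attrvalue.any = [node]
                attrvalues.append(attrvalue)
            attr.attributeValue = attrvalues
            attrstat.attribute = attrstat.attribute + (attr,)
        # … unchanged: debug dump of the assertion …
```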