author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2018-11-26 19:47:49 +0200 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2018-11-26 19:59:11 +0200 |
commit | 65226caa34874a44a5752494a7001d87a5a523de (patch) | |
tree | 9b416d5fbecd78600c544a740ab8cecdb02bd04d | |
parent | 4815d512fb6ada9678ac0c0e0cfb543f6171ff80 (diff) | |
download | pysaml2-65226caa34874a44a5752494a7001d87a5a523de.tar.gz |
Add assurance_certification configuration option
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
-rw-r--r-- | docs/howto/config.rst | 20 | ||||
-rw-r--r-- | src/saml2/config.py | 10 | ||||
-rw-r--r-- | src/saml2/metadata.py | 11 |
3 files changed, 36 insertions, 5 deletions
diff --git a/docs/howto/config.rst b/docs/howto/config.rst
index ee4e403f..274da303 100644
--- a/docs/howto/config.rst
+++ b/docs/howto/config.rst
@@ -55,6 +55,24 @@ Configuration directives
 General directives
 ------------------
+assurance_certification
+^^^^^^^^^^^^^^^^^^^^^^^
+
+Format::
+
+ "assurance_specification": [
+ "https://refeds.org/sirtfi",
+ ]
+
+Generates an `Attribute` element with name-format
+`urn:oasis:names:tc:SAML:2.0:attrname-format:uri` and name
+`urn:oasis:names:tc:SAML:attribute:assurance-certification` that contains
+`AttributeValue` elements with the given values from the list.
+The element is added under the generated metadata `EntityDescriptor` as an
+`Extension` element under the `EntityAttributes` element.
+
+Read more about `representing assurance information at the specification <https://wiki.oasis-open.org/security/SAML2IDAssuranceProfile>`_.
+
 attribute_map_dir
 ^^^^^^^^^^^^^^^^^
@@ -666,7 +684,7 @@ Where the endpoints for the services provided are. This directive has as value a dictionary with one or more of the following keys:
 * artifact_resolution_service (aa, idp and sp)
-* `assertion_consumer_service <https://wiki.shibboleth.net/confluence/display/CONCEPT/AssertionConsumerService>`_ (sp)
+* `assertion_consumer_service <https://wiki.shibboleth.net/confluence/display/CONCEPT/AssertionConsumerService>`_ (sp)
 * assertion_id_request_service (aa, idp)
 * attribute_service (aa)
 * manage_name_id_service (aa, idp)
diff --git a/src/saml2/config.py b/src/saml2/config.py
index d210397c..4278935f 100644
--- a/src/saml2/config.py
+++ b/src/saml2/config.py
@@ -52,6 +52,7 @@ COMMON_ARGS = [
 "disable_ssl_certificate_validation",
 "preferred_binding",
 "session_storage",
+ "assurance_certification",
 "entity_category",
 "xmlsec_path",
 "extension_schemas",
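Review bot: The key added to `COMMON_ARGS` is `"assurance_certification"`, but the Format example this commit adds to docs/howto/config.rst spells it `"assurance_specification"`. An operator who copies the documented example sets a key that this list does not contain, so the assurance claim (the example uses the Sirtfi URI) would presumably never reach the generated metadata; how unrecognised keys are handled is not visible here. The example line should read `"assurance_certification": [`. The `COMMON_ARGS` list itself starts and ends outside the hunk.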
@@ -221,7 +222,8 @@ class Config(object):
 self.preferred_binding = PREFERRED_BINDING
 self.domain = ""
 self.name_qualifier = ""
- self.entity_category = ""
+ self.assurance_certification = []
+ self.entity_category = []
 self.crypto_backend = 'xmlsec1'
 self.id_attr_name = None
 self.scope = ""
@@ -568,11 +570,11 @@ def config_factory(_type, config):
 """
 :type _type: str
- :param _type:
-
+ :param _type:
+
 :type config: str or dict
 :param config: Name of file with pysaml2 config or CONFIG dict
-
+
 :return:
 """
 if _type == "sp":
diff --git a/src/saml2/metadata.py b/src/saml2/metadata.py
index a5c35c9e..10f06d67 100644
--- a/src/saml2/metadata.py
+++ b/src/saml2/metadata.py
@@ -692,6 +692,17 @@ def entity_descriptor(confd):
 if confd.contact_person is not None:
 entd.contact_person = do_contact_persons_info(confd.contact_person)
+ if confd.assurance_certification:
+ if not entd.extensions:
+ entd.extensions = md.Extensions()
+ ava = [AttributeValue(text=c) for c in confd.assurance_certification]
+ attr = Attribute(
+ attribute_value=ava,
+ name="urn:oasis:names:tc:SAML:attribute:assurance-certification"
+ )
+ item = mdattr.EntityAttributes(attribute=attr)
+ entd.extensions.add_extension_element(item)
+
 if confd.entity_category:
 if not entd.extensions:
 entd.extensions = md.Extensions() |
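Review bot: The comprehension `[AttributeValue(text=c) for c in confd.assurance_certification]` iterates whatever the configuration holds, so a value given as a single string instead of the documented list would yield one `AttributeValue` per character and publish a malformed assurance claim without any error. Since federation peers read this attribute as a trust statement, I would reject a non-list value before building `ava`, for example `if not isinstance(confd.assurance_certification, (list, tuple)): raise ValueError("assurance_certification must be a list of URIs")`. Separately, this block wraps its attribute in its own `mdattr.EntityAttributes`; if the `entity_category` block that follows (its body lies outside the hunk) does the same, metadata with both options set carries two `EntityAttributes` elements under one `Extensions`, which as far as I recall the entity-attributes metadata extension does not allow, so a shared element would be safer. `entity_descriptor` begins and ends outside the hunk.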