authorJohan Lundberg <lundberg@sunet.se>2022-12-01 16:24:14 +0100
committerIvan Kanakarakis <ivan.kanak@gmail.com>2022-12-07 15:57:43 +0200
commit2a7d5207b853b8183c72ba5b53e015adee6e70dd (patch)
tree5a912069b9582408f5835110e1e1dca73e50cc7c
parent96b245ec360b8251dec02765da53a0c7c298356f (diff)
downloadpysaml2-2a7d5207b853b8183c72ba5b53e015adee6e70dd.tar.gz
allow to specify no aggregation entity categories
This restricts the returned attributes to only those specified in that exact category.
-rw-r--r--src/saml2/assertion.py8
1 files changed, 6 insertions, 2 deletions
diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py
index 344c7863..53f917be 100644
--- a/src/saml2/assertion.py
+++ b/src/saml2/assertion.py
@@ -290,7 +290,8 @@ def compile(restrictions):
for key, items in _mod.RELEASE.items():
alist = [k.lower() for k in items]
_only_required = getattr(_mod, "ONLY_REQUIRED", {}).get(key, False)
- _ec[key] = (alist, _only_required)
+ _no_aggregation = getattr(_mod, "NO_AGGREGATION", {}).get(key, False)
+ _ec[key] = (alist, _only_required, _no_aggregation)
ecs.append(_ec)
spec["entity_categories"] = ecs or None
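Review bot: A NO_AGGREGATION entry whose key does not match a RELEASE key exactly (a typo, or a tuple key written in a different order) is silently ignored by `getattr(_mod, "NO_AGGREGATION", {}).get(key, False)`. The fallback `False` is the more permissive outcome, because aggregation stays on. Since this flag exists to narrow attribute release, it would be worth checking after the loop that every NO_AGGREGATION key is present in `_mod.RELEASE` and reporting the ones that are not. The tuple stored in `_ec[key]` now carries two positional booleans, so a comment such as `# (attribute names, only_required, no_aggregation)` above the assignment would help. The rest of compile() is outside the hunk.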
@@ -434,7 +435,7 @@ class Policy:
if mds:
ecs = mds.entity_categories(sp_entity_id)
for ec_map in maps:
- for key, (atlist, only_required) in ec_map.items():
+ for key, (atlist, only_required, no_aggregation) in ec_map.items():
if key == "": # always released
attrs = atlist
elif isinstance(key, tuple):
@@ -454,6 +455,9 @@ class Policy:
else:
attrs = []
+ if attrs and no_aggregation:
+ # clear restrictions if the found category is a no aggregation category
+ restrictions = {}
for attr in attrs:
restrictions[attr] = None
else:
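Review bot: The reset `restrictions = {}` only discards attributes collected before the no-aggregation category is reached; entries visited later in `ec_map.items()`, or in a later map of `maps`, still pass through `for attr in attrs: restrictions[attr] = None` and are added on top of it. The released set therefore appears to depend on the order of RELEASE and of the configured modules, so "only that exact category" holds only when it is the last match, and the always-released `""` key is dropped or kept by the same accident of ordering. Note also that `if attrs and no_aggregation` skips the reset when a matching category yields an empty `attrs` (for example after only_required filtering), leaving other categories' attributes in place. Consider initialising `exclusive = False` before the loops, setting `exclusive = True` next to the reset, and guarding the per-key loop with `if exclusive: break`; otherwise state the intended precedence in the comment and add a test that lists the no-aggregation category first. The enclosing loops begin outside this hunk, so the ordering behaviour should be confirmed against the full function.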