Support arbitrary entity attributes

Introduce new configuration option `entity_attributes` that defines a list of
dictionaries each of which represents an <Attribute> element. Each dicrionary has fields
for the NameFormat, the Name, the FriendName and a list of strings that are used to
create <AttributeValue> elements, each with the string as the text node.

    "entity_attributes": [
      {
        "name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
        "name": "urn:oasis:names:tc:SAML:profiles:subject-id:req",
        # "friendly_name" is not set
        "values": ["any"],
      },
    ]

Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>

1 files changed, 23 insertions, 0 deletions

diff --git a/docs/howto/config.rst b/docs/howto/config.rst
index 9f20eba6..a46927a4 100644
--- a/docs/howto/config.rst
+++ b/docs/howto/config.rst
@@ -76,6 +76,29 @@ if you need to include a certificate chain.
 
 Each entry in *additional_cert_files* must be a PEM formatted file with a single certificate.
 
+entity_attributes
+^^^^^^^^^^^^^^^^^
+
+Generates an ``Attribute`` element with the given NameFormat, Name, FriendlyName and
+values, each as an ``AttributeValue`` element.
+
+The element is added under the generated metadata ``EntityDescriptor`` as an
+``Extension`` element under the ``EntityAttributes`` element.
+
+And omit
+
+Example::
+
+    "entity_attributes": [
+      {
+        "name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+        "name": "urn:oasis:names:tc:SAML:profiles:subject-id:req",
+        # "friendly_name" is not set
+        "values": ["any"],
+      },
+    ]
+
+
 assurance_certification
 ^^^^^^^^^^^^^^^^^^^^^^^