authorRoland Hedberg <roland.hedberg@adm.umu.se>2014-04-14 16:56:02 +0200
committerRoland Hedberg <roland.hedberg@adm.umu.se>2014-04-14 16:56:02 +0200
commit4fcb94b6ed39fbc2a17d38e96160fa9116d889d4 (patch)
treeab649f10a3698a6367d862652e3f610cecd85307 /src/saml2/assertion.py
parente449cd52a3c1e3faa74390456208421e4a04056d (diff)
Added a policy flag that, if set to False, allows the IdP to send back an incomplete reply, that is, one not containing attributes that the SP deemed important (marked as required).
Diffstat (limited to 'src/saml2/assertion.py')
-rw-r--r--src/saml2/assertion.py21
1 files changed, 18 insertions, 3 deletions
diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py
index ad083450..86def2e2 100644
--- a/src/saml2/assertion.py
+++ b/src/saml2/assertion.py
@@ -78,7 +78,8 @@ def _match(attr, ava):
return None
-def filter_on_attributes(ava, required=None, optional=None, acs=None):
+def filter_on_attributes(ava, required=None, optional=None, acs=None,
+ fail_on_unfulfilled_requirements=True):
""" Filter
:param ava: An attribute value assertion as a dictionary
@@ -86,6 +87,8 @@ def filter_on_attributes(ava, required=None, optional=None, acs=None):
required
:param optional: list of RequestedAttribute instances defined to be
optional
+ :param fail_on_unfulfilled_requirements: If required attributes
+ are missing fail or fail not depending on this parameter.
:return: The modified attribute value assertion
"""
res = {}
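Review bot: The new `:param fail_on_unfulfilled_requirements:` text ("fail or fail not depending on this parameter") does not say which value does what, or what failing means for the caller. Suggested wording: `:param fail_on_unfulfilled_requirements: If True (the default), raise MissingValue when a required attribute is not in ava; if False, leave it out of the result.` The second half is inferred from the `elif` change further down in this diff and should be confirmed against the full loop. The function body continues outside this hunk.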
@@ -116,7 +119,7 @@ def filter_on_attributes(ava, required=None, optional=None, acs=None):
values = []
res[_fn] = _filter_values(ava[_fn], values, True)
continue
- else:
+ elif fail_on_unfulfilled_requirements:
desc = "Required attribute missing: '%s' (%s)" % (attr["name"],
_name)
raise MissingValue(desc)
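Review bot: When `fail_on_unfulfilled_requirements` is False the `elif` falls through without a trace, so an assertion can be released without a required attribute and nothing records that the release check was relaxed. An `else:` branch with `logger.warning("Required attribute missing: '%s' (%s)", attr["name"], _name)` would keep that visible to the IdP operator (`logger` is already used elsewhere in this file). The context line `_filter_values(ava[_fn], values, True)` may still enforce required values regardless of the flag; it is worth confirming that the two paths agree. The enclosing loop starts and ends outside the hunk.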
@@ -434,6 +437,16 @@ class Policy(object):
return self.get("attribute_restrictions", sp_entity_id)
+ def get_fail_on_missing_requested(self, sp_entity_id):
+ """ Return the whether the IdP should should fail if the SPs
+ requested attributes could not be found.
+
+ :param sp_entity_id: The SP entity ID
+ :return: The restrictions
+ """
+
+ return self.get("fail_on_missing_requested", sp_entity_id, True)
+
def entity_category_attributes(self, ec):
if not self._restrictions:
return None
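Review bot: The docstring of `get_fail_on_missing_requested` has a stray "the", a doubled "should should", and a `:return:` line that says "The restrictions" although the call returns the policy flag. Suggested: `Return whether the IdP should fail if the SP's required attributes cannot be found.` and `:return: The configured flag, True (fail) if the policy does not set it`, assuming the third argument to `self.get` is the default. Since the result is used directly in an `elif` test, the docstring could also say that only a falsy configured value disables the check. The policy key `fail_on_missing_requested` and the parameter `fail_on_unfulfilled_requirements` name the same setting differently; one name would be easier to search for.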
@@ -492,7 +505,9 @@ class Policy(object):
if required or optional:
logger.debug("required: %s, optional: %s" % (required, optional))
- ava = filter_on_attributes(ava, required, optional, self.acs)
+ ava = filter_on_attributes(
+ ava, required, optional, self.acs,
+ self.get_fail_on_missing_requested(sp_entity_id))
return ava
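Review bot: The flag is passed as a fifth positional argument, which hides what the boolean means at the call site and would go wrong silently if the signature of `filter_on_attributes` were reordered. Passing it by keyword reads better: `fail_on_unfulfilled_requirements=self.get_fail_on_missing_requested(sp_entity_id)`. The enclosing method starts outside the hunk, so where `sp_entity_id` comes from is not visible here.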