authorRoland Hedberg <roland.hedberg@adm.umu.se>2014-02-05 13:13:30 +0100
committerRoland Hedberg <roland.hedberg@adm.umu.se>2014-02-05 13:13:30 +0100
commit7570a10fe93723f1fa9c9eb5c5c4ad5051b19d2c (patch)
tree66b7c608d6a2a681369036a3f6a13bccc5030057 /src/saml2/assertion.py
parent2197431484978fcc8b9d14492ef5c5931d95bc1d (diff)
Allow for the specification of authn_instant and subject_locality in AuthnStatements.
Make it possible to tell the IdP to return a response even though the SP required attributes are not present.
Diffstat (limited to 'src/saml2/assertion.py')
-rw-r--r--src/saml2/assertion.py48
1 files changed, 36 insertions, 12 deletions
diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py
index 7a78cdf9..4073b6b5 100644
--- a/src/saml2/assertion.py
+++ b/src/saml2/assertion.py
@@ -578,7 +578,8 @@ class Assertion(dict):
authenticating_authority=factory(
saml.AuthenticatingAuthority, text=authn_auth))
- def _authn_context_class_ref(self, authn_class, authn_auth=None):
+ @staticmethod
+ def _authn_context_class_ref(authn_class, authn_auth=None):
"""
Construct the authn context with a authn context class reference
:param authn_class: The authn context class reference
@@ -596,45 +597,62 @@ class Assertion(dict):
authn_context_class_ref=cntx_class)
def _authn_statement(self, authn_class=None, authn_auth=None,
- authn_decl=None, authn_decl_ref=None):
+ authn_decl=None, authn_decl_ref=None, authn_instant="",
+ subject_locality=""):
"""
Construct the AuthnStatement
:param authn_class: Authentication Context Class reference
:param authn_auth: Authenticating Authority
:param authn_decl: Authentication Context Declaration
:param authn_decl_ref: Authentication Context Declaration reference
+ :param authn_instant: When the Authentication was performed.
+ Assumed to be seconds since the Epoch.
+ :param subject_locality: Specifies the DNS domain name and IP address
+ for the system from which the assertion subject was apparently
+ authenticated.
:return: An AuthnContext instance
"""
+ if authn_instant:
+ _instant = instant(time_stamp=authn_instant)
+ else:
+ _instant = instant()
+
if authn_class:
- return factory(
+ res = factory(
saml.AuthnStatement,
- authn_instant=instant(),
+ authn_instant=_instant,
session_index=sid(),
authn_context=self._authn_context_class_ref(
authn_class, authn_auth))
elif authn_decl:
- return factory(
+ res = factory(
saml.AuthnStatement,
- authn_instant=instant(),
+ authn_instant=_instant,
session_index=sid(),
authn_context=self._authn_context_decl(authn_decl, authn_auth))
elif authn_decl_ref:
- return factory(
+ res = factory(
saml.AuthnStatement,
- authn_instant=instant(),
+ authn_instant=_instant,
session_index=sid(),
authn_context=self._authn_context_decl_ref(authn_decl_ref,
authn_auth))
else:
- return factory(
+ res = factory(
saml.AuthnStatement,
- authn_instant=instant(),
+ authn_instant=_instant,
session_index=sid())
+ if subject_locality:
+ res.subject_locality = saml.SubjectLocality(text=subject_locality)
+
+ return res
+
def construct(self, sp_entity_id, in_response_to, consumer_url,
name_id, attrconvs, policy, issuer, authn_class=None,
authn_auth=None, authn_decl=None, encrypt=None,
- sec_context=None, authn_decl_ref=None):
+ sec_context=None, authn_decl_ref=None, authn_instant="",
+ subject_locality=""):
""" Construct the Assertion
:param sp_entity_id: The entityid of the SP
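Review bot: The new `res.subject_locality = saml.SubjectLocality(text=subject_locality)` line in `_authn_statement` puts the caller's value in the element's text content. The SAML 2.0 core schema defines SubjectLocality as carrying `Address` and `DNSName` attributes with no text, and the added docstring itself describes the parameter as a DNS name and an IP address. A relying party that reads those attributes for audit or access policy would see nothing, and a schema-validating one may reject the assertion. Consider having the parameter carry both values and building the element as `saml.SubjectLocality(address=addr, dns_name=dns)`, after confirming the attribute names against this project's `saml` module. Separately, the docstring's `:return: An AuthnContext instance` should read AuthnStatement, since that is what `factory(saml.AuthnStatement, ...)` returns.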
@@ -651,6 +669,10 @@ class Assertion(dict):
:param encrypt: Whether to encrypt parts or all of the Assertion
:param sec_context: The security context used when encrypting
:param authn_decl_ref: An Authentication Context declaration reference
+ :param authn_instant: When the Authentication was performed
+ :param subject_locality: Specifies the DNS domain name and IP address
+ for the system from which the assertion subject was apparently
+ authenticated.
:return: An Assertion instance
"""
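Review bot: The `:param authn_instant:` line added to `construct`'s docstring does not state the expected format, although the `_authn_statement` docstring in the same commit says it is assumed to be seconds since the Epoch. Neither docstring says that the empty-string default means the current time is used. I would extend the line to something like `:param authn_instant: When the authentication was performed, as seconds since the Epoch; empty means "now"`. The docstring starts and ends outside this hunk.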
@@ -677,7 +699,9 @@ class Assertion(dict):
if authn_auth or authn_class or authn_decl or authn_decl_ref:
_authn_statement = self._authn_statement(authn_class, authn_auth,
- authn_decl, authn_decl_ref)
+ authn_decl, authn_decl_ref,
+ authn_instant,
+ subject_locality)
else:
_authn_statement = None
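Review bot: `authn_instant` and `subject_locality` are silently dropped when none of `authn_auth`, `authn_class`, `authn_decl` or `authn_decl_ref` is set, because the guarding `if` still tests only those four and the `else` branch sets `_authn_statement = None`. A caller that supplies only the new arguments gets an assertion with no AuthnStatement and no indication why, so the docstring should state this precondition or the branch should log it. The two new values are also passed positionally after four other positional arguments; writing `authn_instant=authn_instant, subject_locality=subject_locality` would protect against a later reordering of the signature. The enclosing `construct` body starts and continues outside this hunk.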