Fixed problematic logic.

author: Roland Hedberg <roland.hedberg@adm.umu.se> 2014-05-28 13:58:42 +0200
committer: Roland Hedberg <roland.hedberg@adm.umu.se> 2014-05-28 13:58:42 +0200
commit: 8286b6769d21531d4fea61b49927f1bca70029dc (patch)
tree: 1d3765d3ad339b1aa90aade3f799c4616d764f78 /src/saml2/assertion.py
parent: 20ceeb96919b6fff6bced7de546efb0272fec518 (diff)
download: pysaml2-8286b6769d21531d4fea61b49927f1bca70029dc.tar.gz
1 files changed, 6 insertions, 5 deletions
diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py
index 86def2e2..788632db 100644
--- a/src/saml2/assertion.py
+++ b/src/saml2/assertion.py
@@ -501,15 +501,16 @@ class Policy(object):
         if _rest is None:
             _rest = self.get_entity_categories(sp_entity_id, mdstore)
         logger.debug("filter based on: %s" % _rest)
-        ava = filter_attribute_value_assertions(ava, _rest)
+        _ava = filter_attribute_value_assertions(ava.copy(), _rest)
         
         if required or optional:
             logger.debug("required: %s, optional: %s" % (required, optional))
-            ava = filter_on_attributes(
-                ava, required, optional, self.acs,
+            ava1 = filter_on_attributes(
+                ava.copy(), required, optional, self.acs,
                 self.get_fail_on_missing_requested(sp_entity_id))
-        
-        return ava
+            _ava.update(ava1)
+
+        return _ava
     
     def restrict(self, ava, sp_entity_id, metadata=None):
         """ Identity attribute names are expected to be expressed in
author	Roland Hedberg <roland.hedberg@adm.umu.se>	2014-05-28 13:58:42 +0200
committer	Roland Hedberg <roland.hedberg@adm.umu.se>	2014-05-28 13:58:42 +0200
commit	8286b6769d21531d4fea61b49927f1bca70029dc (patch)
tree	1d3765d3ad339b1aa90aade3f799c4616d764f78 /src/saml2/assertion.py
parent	20ceeb96919b6fff6bced7de546efb0272fec518 (diff)
download	pysaml2-8286b6769d21531d4fea61b49927f1bca70029dc.tar.gz