diff options
| author | Scott Koranda <skoranda@gmail.com> | 2019-06-04 12:41:13 -0500 |
|---|---|---|
| committer | Scott Koranda <skoranda@gmail.com> | 2019-06-04 12:41:13 -0500 |
| commit | 634644e94c33faafe1eaf008a3ed3eaca99aa5d6 (patch) | |
| tree | a13bb992cafb1561268932ba94ced8aa9728fbbd /src | |
| parent | 1cc23fd3b93d82bd557a8595fdb1aac91f204c66 (diff) | |
| download | pysaml2-634644e94c33faafe1eaf008a3ed3eaca99aa5d6.tar.gz | |
Enable NameQualifier and SPNameQualifier attributes for ePTID
The attribute value for eduPersonTargetedID (ePTID) is a NameID
element. The SAML specification allows the NameID element to include
the two optional attributes 'NameQualifier' and 'SPNameQualifier'. This
patch enables specifying a dictionary as the internal or local attribute
value instead of a string. When the local attribute value is a
dictionary with keys 'value', 'NameQualifier', and 'SPNameQualifier'
then the resulting XML NameID element will include the 'NameQualifier'
and 'SPNameQualifier' attributes with values taken from the values
of the dictionary. The value for the NameID element is taken from the
value associated with tthe 'value' key.
Diffstat (limited to 'src')
| -rw-r--r-- | src/saml2/attribute_converter.py | 42 |
1 files changed, 36 insertions, 6 deletions
diff --git a/src/saml2/attribute_converter.py b/src/saml2/attribute_converter.py index 4d411597..cd40fe79 100644 --- a/src/saml2/attribute_converter.py +++ b/src/saml2/attribute_converter.py @@ -432,12 +432,7 @@ class AttributeConverter(object): if name: if name == "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": # special case for eduPersonTargetedID - attr_value = [] - for v in value: - extension_element = ExtensionElement("NameID", NAMESPACE, - attributes={'Format': NAMEID_FORMAT_PERSISTENT}, text=v) - attrval = saml.AttributeValue(extension_elements=[extension_element]) - attr_value.append(attrval) + attr_value = self.to_eptid_value(value) else: attr_value = do_ava(value) attributes.append(factory(saml.Attribute, @@ -452,6 +447,41 @@ class AttributeConverter(object): return attributes + def to_eptid_value(self, value): + """ + Special handling for the attribute with name + urn:oid:1.3.6.1.4.1.5923.1.1.1.10, usually known by the friendly + name eduPersonTargetedID. Create the AttributeValue instance(s) + for the attribute. + + value is either a string or a dictionary with keys 'value', + 'NameQualifier', and 'SPNameQualifier'. + + Returns a list of AttributeValue instances. + """ + attribute_values = [] + + for v in value: + if isinstance(v, dict): + element_attributes = { + 'Format': NAMEID_FORMAT_PERSISTENT, + 'NameQualifier': v['NameQualifier'], + 'SPNameQualifier': v['SPNameQualifier'] + } + text = v['value'] + else: + element_attributes = {'Format': NAMEID_FORMAT_PERSISTENT} + text = v + + element = ExtensionElement("NameID", NAMESPACE, element_attributes, + text=text) + + attrval = saml.AttributeValue(extension_elements=[element]) + + attribute_values.append(attrval) + + return attribute_values + class AttributeConverterNOOP(AttributeConverter): """ Does a NOOP conversion, that is no conversion is made """ |