From 5eb48c3f6c82889c6a3f8b950ac9848600dc5380 Mon Sep 17 00:00:00 2001
From: Johan Lundberg
Date: Fri, 9 Dec 2022 11:11:53 +0100
Subject: add requested subject id to SPs requested attributes
---
 src/saml2/assertion.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py
index 53f917be..4df0cf3c 100644
--- a/src/saml2/assertion.py
+++ b/src/saml2/assertion.py
@@ -556,11 +556,16 @@ class Policy:
 metadata_store = metadata or self.metadata_store
 spec = metadata_store.attribute_requirement(sp_entity_id) or {} if metadata_store else {}
+ required_attributes = spec.get("required", [])
+ optional_attributes = spec.get("optional", [])
+ required_subject_id = metadata_store.subject_id_requirement(sp_entity_id) if metadata_store else None
+ if required_subject_id:
+ required_attributes.append(required_subject_id)
 return self.filter(
 ava,
 sp_entity_id,
- required=spec.get("required"),
- optional=spec.get("optional"),
+ required=required_attributes or None,
+ optional=optional_attributes or None,
 )
 def conditions(self, sp_entity_id):
-- cgit v1.2.1
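Review bot: The added `required_attributes.append(required_subject_id)` mutates the very list object returned inside `spec` by `metadata_store.attribute_requirement(sp_entity_id)`. If the store returns a cached or shared list (not visible in this hunk), each call would append the subject-id entry again, and the SP's required set that `self.filter` uses to decide attribute release would drift between requests. Separately, `spec.get("required", [])` still yields `None` when the key is present with a `None` value, so the append would raise `AttributeError`. Working on a copy avoids both: `required_attributes = list(spec.get("required") or [])` and `optional_attributes = list(spec.get("optional") or [])`. The enclosing method begins above the hunk, so how it and `filter` treat a required attribute that is missing from `ava` cannot be confirmed from here.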