From 74b052f55ead3f711c9b346d1dc7564d6023d5a1 Mon Sep 17 00:00:00 2001
From: Johan Lundberg
Date: Fri, 9 Dec 2022 11:11:08 +0100
Subject: add ability to get required subject id as a RequestedAttribute dict

---
 src/saml2/mdstore.py | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/src/saml2/mdstore.py b/src/saml2/mdstore.py
index b2bae0a7..7519a20e 100644
--- a/src/saml2/mdstore.py
+++ b/src/saml2/mdstore.py
@@ -418,6 +418,17 @@ class MetaData:
         """
         raise NotImplementedError
 
+    def subject_id_requirement(self, entity_id):
+        """
+        Returns what subject identifier the SP requires if any
+
+        :param entity_id: The entity id of the SP
+        :type entity_id: str
+        :return: RequestedAttribute dict or None
+        :rtype: Optional[dict]
+        """
+        raise NotImplementedError
+
     def dumps(self):
         return json.dumps(list(self.items()), indent=2)
 
@@ -1290,6 +1301,32 @@ class MetadataStore(MetaData):
             if entity_id in _md:
                 return _md.attribute_requirement(entity_id, index)
 
+    def subject_id_requirement(self, entity_id):
+        try:
+            entity_attributes = self.entity_attributes(entity_id)
+        except KeyError:
+            return None
+
+        if "urn:oasis:names:tc:SAML:profiles:subject-id:req" in entity_attributes:
+            subject_id_req = entity_attributes["urn:oasis:names:tc:SAML:profiles:subject-id:req"][0]
+            if subject_id_req == "any" or subject_id_req == "pairwise-id":
+                return {
+                    "__class__": "urn:oasis:names:tc:SAML:2.0:metadata&RequestedAttribute",
+                    "name": "urn:oasis:names:tc:SAML:attribute:pairwise-id",
+                    "name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+                    "friendly_name": "pairwise-id",
+                    "is_required": "true",
+                }
+            elif subject_id_req == "subject-id":
+                return {
+                    "__class__": "urn:oasis:names:tc:SAML:2.0:metadata&RequestedAttribute",
+                    "name": "urn:oasis:names:tc:SAML:attribute:subject-id",
+                    "name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+                    "friendly_name": "subject-id",
+                    "is_required": "true",
+                }
+        return None
+
     def keys(self):
         res = []
         for _md in self.metadata.values():
-- 
cgit v1.2.1
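Review bot: The `[0]` on the `urn:oasis:names:tc:SAML:profiles:subject-id:req` value list raises IndexError when the entity attribute is present but carries no value, which is well-formed metadata and is already the kind of absence the `except KeyError` branch maps to `None`; a value list that is empty should return `None` too. The two returned dicts differ only in the identifier name, so a lookup table that also records the mapping of `any` to `pairwise-id` removes the duplication and makes that choice visible; a comment such as `# "any" is resolved to pairwise-id; it is scoped per SP and so the less linkable of the two` would document it. Only the first value is honoured, which the rewrite keeps, but that is worth stating in the method's docstring on the `MetaData` base definition in the first hunk. Values other than the three handled here (the profile also defines "none") fall through to `None`, unchanged from the committed behaviour.
```python
    def subject_id_requirement(self, entity_id):
        try:
            entity_attributes = self.entity_attributes(entity_id)
        except KeyError:
            return None

        # Only the first value is honoured; a present-but-empty value list is
        # treated the same as an absent attribute instead of raising IndexError.
        values = entity_attributes.get("urn:oasis:names:tc:SAML:profiles:subject-id:req") or []
        if not values:
            return None
        # "any" is resolved to pairwise-id; it is scoped per SP and so the less
        # linkable of the two identifiers. Unknown values yield None.
        attribute_name = {
            "any": "pairwise-id",
            "pairwise-id": "pairwise-id",
            "subject-id": "subject-id",
        }.get(values[0])
        if attribute_name is None:
            return None
        return {
            "__class__": "urn:oasis:names:tc:SAML:2.0:metadata&RequestedAttribute",
            "name": "urn:oasis:names:tc:SAML:attribute:" + attribute_name,
            "name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
            "friendly_name": attribute_name,
            "is_required": "true",
        }
```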