Skip to content

Commit 8d3fd70

Browse files
c00kiemon5terc00kiemon5ter
committed
Try to get the friendlyName of the required RequestedAttribute else derive it using the canonical Name
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
1 parent d201dc6 commit 8d3fd70

File tree

2 files changed

+27
-14
lines changed

2 files changed

+27
-14
lines changed

src/saml2/assertion.py

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -454,12 +454,16 @@ def get_entity_categories(self, sp_entity_id, mds=None, required=None):
454454

455455
def post_entity_categories(maps, sp_entity_id=None, mds=None, required=None):
456456
restrictions = {}
457-
if required is not None:
458-
_req = []
459-
for d in required:
460-
local_name = get_local_name(acs=self.acs, attr=d['name'], name_format=d['name_format'])
461-
_req.append(local_name.lower())
462-
required = _req
457+
required_friendly_names = [
458+
d.get('friendly_name') or get_local_name(
459+
acs=self.acs, attr=d['name'], name_format=d['name_format']
460+
)
461+
for d in (required or [])
462+
]
463+
required = [
464+
friendly_name.lower()
465+
for friendly_name in required_friendly_names
466+
]
463467

464468
if mds:
465469
ecs = mds.entity_categories(sp_entity_id)

tests/test_37_entity_categories.py

Lines changed: 17 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,8 @@
1010
from saml2.mdstore import MetadataStore
1111
from saml2.saml import Attribute, NAME_FORMAT_URI
1212
from saml2.server import Server
13+
from saml2.md import RequestedAttribute
14+
1315

1416
ATTRCONV = ac_factory(full_path("attributemaps"))
1517
sec_config = config.Config()
@@ -234,6 +236,7 @@ def test_entity_category_import_from_path():
234236

235237

236238
def test_filter_ava_required_attributes_with_no_friendly_name():
239+
entity_id = "https://no-friendly-name.example.edu/saml2/metadata/"
237240
mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True)
238241
mds.imp(
239242
[
@@ -250,7 +253,6 @@ def test_filter_ava_required_attributes_with_no_friendly_name():
250253
"entity_categories": ["swamid"]
251254
}
252255
}
253-
254256
policy = Policy(policy_conf, mds)
255257

256258
ava = {
@@ -259,13 +261,20 @@ def test_filter_ava_required_attributes_with_no_friendly_name():
259261
"mail": ["derek@nyy.mlb.com"],
260262
"c": ["USA"],
261263
"eduPersonTargetedID": "foo!bar!xyz",
262-
"norEduPersonNIN": "19800101134"
264+
"norEduPersonNIN": "19800101134",
263265
}
264266

265-
# Require attribute eduPersonTargetedID but leave out friendlyName in attribute creation
266-
edu_person_targeted_id_oid = 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10'
267-
edu_person_targeted_id = to_dict(
268-
Attribute(name=edu_person_targeted_id_oid,
269-
name_format=NAME_FORMAT_URI), onts=[mdattr])
270-
ava = policy.filter(ava, "https://no-friendly-name.example.edu/saml2/metadata/", required=[edu_person_targeted_id])
267+
attribute_requirements = mds.attribute_requirement(entity_id)
268+
required = attribute_requirements.get("required", [])
269+
optional = attribute_requirements.get("optional", [])
270+
271+
# ensure the requirements define the eduPersonTargetedID
272+
# without the friendlyName attribute
273+
oid_eptid = 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10'
274+
requested_attribute_eptid = RequestedAttribute(
275+
name=oid_eptid, name_format=NAME_FORMAT_URI, is_required='true'
276+
)
277+
assert required == [to_dict(requested_attribute_eptid, onts=[mdattr])]
278+
279+
ava = policy.filter(ava, entity_id, required=required, optional=optional)
271280
assert _eq(list(ava.keys()), ["eduPersonTargetedID"])

0 commit comments

Comments
 (0)