Skip to content

enable defaults for custom attribute release using '' or 'default' key #99

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 30, 2017
Merged

enable defaults for custom attribute release using '' or 'default' key #99

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions doc/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -242,6 +242,18 @@ config:
idp-entity-id1
sp-entity-id1:
exclude: ["givenName"]


The custom_attribute_release mechanism supports defaults based on idp and sp entity Id by specifying "" or "default"
as the key in the dict. For instance in order to exclude givenName for any sp or idp do this:

```yaml
config:
config: [...]
custom_attribute_release:
"default":
"":
exclude: ["givenName"]


#### Backend
Expand Down
4 changes: 2 additions & 2 deletions src/satosa/frontends/saml2.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
from ..response import Response
from ..response import ServiceError
from ..saml_util import make_saml_response
from ..util import get_dict_defaults

logger = logging.getLogger(__name__)

Expand Down Expand Up @@ -272,8 +273,7 @@ def _handle_authn_response(self, context, internal_response, idp):
auth_info["class_ref"] = internal_response.auth_info.auth_class_ref

if self.custom_attribute_release:
custom_release_per_idp = self.custom_attribute_release.get(internal_response.auth_info.issuer, {})
custom_release = custom_release_per_idp.get(resp_args["sp_entity_id"], {})
custom_release = get_dict_defaults(self.custom_attribute_release, internal_response.auth_info.issuer, resp_args["sp_entity_id"])
attributes_to_remove = custom_release.get("exclude", [])
for k in attributes_to_remove:
ava.pop(k, None)
Expand Down
4 changes: 4 additions & 0 deletions src/satosa/util.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@

logger = logging.getLogger(__name__)

def get_dict_defaults(d, *keys):
for key in keys:
d = d.get(key, d.get("", d.get("default", {})))
return d
Copy link
Contributor

@johanlundberg johanlundberg May 30, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Am I understanding correctly that you want to accomplish this in other words?

def get_dict_defaults(d, *keys):
    for key in keys:
        if key in d:
            return d[key]
        elif '' in d or 'default' in d:
            return d.get('', d.get('default'))
    return dict()

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No. I want to traverse the entire length of the "key chain" finding the most specific branch.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basically this is the _config function I'm using in my two other PRs for attribute authz and attribute generation. Its a pattern for config that I think @skoranda uses too in places - esp when you need to override behaviour specified by metadata on a per-Idp, per-sp+idp or globally

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, I get it, you want to reuse d and the keys are in hierarchical order.


def rndstr(size=16, alphabet=""):
"""
Expand Down