Adds configuration directive for RequestedAuthnContext #806

pandafy · c00kiemon5ter · commit 0228a5209571 · 2021-10-19T15:29:39.000+03:00
Closes #806
diff --git a/src/saml2/config.py b/src/saml2/config.py
@@ -104,6 +104,7 @@
     "sp_type",
     "sp_type_in_metadata",
     "requested_attributes",
+    "requested_authn_context",
 ]
 
 AA_IDP_ARGS = [
diff --git a/tests/test_31_config.py b/tests/test_31_config.py
@@ -7,7 +7,8 @@
 
 from saml2 import BINDING_HTTP_REDIRECT, BINDING_SOAP, BINDING_HTTP_POST
 from saml2.config import SPConfig, IdPConfig, Config
-
+from saml2.saml import AUTHN_PASSWORD_PROTECTED, AuthnContextClassRef
+from saml2.samlp import RequestedAuthnContext
 from saml2 import logger
 
 from pathutils import dotname, full_path
@@ -26,8 +27,14 @@
                 "urn:mace:example.com:saml:roland:idp": {
                     'single_sign_on_service':
                         {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect':
-                             'http://localhost:8088/sso/'}},
-            }
+                            'http://localhost:8088/sso/'}},
+            },
+            "requested_authn_context": RequestedAuthnContext(
+                    authn_context_class_ref=[
+                        AuthnContextClassRef(AUTHN_PASSWORD_PROTECTED),
+                    ],
+                    comparison="exact",
+                ),
         }
     },
     "key_file": full_path("test.key"),
@@ -217,6 +224,7 @@ def test_1():
                                              'http://localhost:8088/sso/'}}]
 
     assert c.only_use_keys_in_metadata
+    assert 'PasswordProtectedTransport' in c._sp_requested_authn_context.to_string().decode()
 
 
 def test_2():

Original file line number	Diff line number	Diff line change
`@@ -104,6 +104,7 @@`
`104`	`104`	`"sp_type",`
`105`	`105`	`"sp_type_in_metadata",`
`106`	`106`	`"requested_attributes",`
	`107`	`+ "requested_authn_context",`
`107`	`108`	`]`
`108`	`109`
`109`	`110`	`AA_IDP_ARGS = [`