0006-qommon.saml2-use-new-idp-settings-to-fill-user-attri.patch

Benjamin Dauvergne, 21 octobre 2013 16:58

Voir les différences: en ligne côte à côte

Subject: [PATCH 6/6] qommon.saml2: use new idp settings to fill user
 attribute at SAML 2 login

 wcs/qommon/saml2.ptl |   52 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

             code += ':' + response.status.statusCode.statusCode.value
         return code
     def get_remote_provider_cfg(profile):
         '''Lookup the configuration for a remote provider given a profile'''
         remote_provider_key = misc.get_provider_key(profile.remoteProviderId)
         return get_cfg('idp', {}).get(remote_provider_key)
     class Saml2Directory(Directory):
         _q_exports = ['login',
                 'singleSignOnArtifact', 'singleSignOnPost', 'singleSignOnSOAP', 'singleSignOnRedirect',
-...
                 return error_page(_('Unknown error'))
             return self.sso_after_response(login)
         def fill_user_attributes(self, session, login, user):
             '''Fill user fields from SAML2 assertion attributes'''
             idp_cfg = get_remote_provider_cfg(login)
             # lookup for attributes in assertion and automatically create identity
             lasso_session = lasso.Session.newFromDump(session.lasso_session_dump)
             try:
                 assertion = lasso_session.getAssertions(None)[0]
             except:
                 get_logger().warn('failed to lookup assertion')
                 return user
             d = {}
             m = {}
             try:
                 for attribute in assertion.attributeStatement[0].attribute:
                     try:
                         d[attribute.name] = attribute.attributeValue[0].any[0].content
                         for attribute_value in attribute.attributeValue:
                             l = m.setdefault(attribute.name, [])
                             l.append(attribute_value.any[0].content)
                     except IndexError:
                         pass
             except IndexError:
                 pass
             admin_regexp = idp.get('admin-regexp', {})
             old_is_admin = user.is_admin
             if admin_regexp:
                 is_admin = False
                 for key, regexp in admin_regexp.iteritems():
                     for value in m.get(key, []):
                         if re.match(regexp, value):
                             break
                     else:
                         break
                 else:
                     is_admin = True
                 if user.is_admin != is_admin:
                     user.is_admin = is_admin
                     save = True
             attribute_mapping = idp.get('attribute-mapping', {})
             for key, field_id in attribute_mapping.iteritems():
                 if key in d and user.form_data.get(field_id) != d[key]:
                     user.form_data[field_id] = d[key]
                     save = True
             if save:
                 user.store()
         def lookup_user(self, session, login = None, name_id = None):
             if login:
                 ni = login.nameIdentifier.content
+    -

Projet

Général

Profil

Produits Entr'ouvert » w.c.s.

0006-qommon.saml2-use-new-idp-settings-to-fill-user-attri.patch