From 6ccb53530f6a9033bcb1dc7ae48e68b4f9698407 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 31 Mar 2015 09:28:45 +0200
Subject: [PATCH] idp/saml: collapse attribute values

If two AttributeValue for the same value, name and name format would be created, we skip its creation. It allows to configure attributes for django_user_username and LDAP uid at the same without getting two times the same value, as LDAP users also expose the Django user attributes.
---
 src/authentic2/idp/saml/saml2_endpoints.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/authentic2/idp/saml/saml2_endpoints.py b/src/authentic2/idp/saml/saml2_endpoints.py
index afdc680..81e2f29 100644
--- a/src/authentic2/idp/saml/saml2_endpoints.py
+++ b/src/authentic2/idp/saml/saml2_endpoints.py
@@ -202,22 +202,28 @@ def add_attributes(request, assertion, provider):
 'user': request.user,
 'service': provider.entity_id,
 '__wanted_attributes': wanted_attributes,
 })
 if not assertion.attributeStatement:
 assertion.attributeStatement = [lasso.Saml2AttributeStatement()]
 attribute_statement = assertion.attributeStatement[0]
 saml_attributes = list(attribute_statement.attribute)
+ seen = set()
 for definition in qs:
+ value = ctx.get(definition.attribute_name)
+ key = (definition.name, definition.name_format, value)
+ if key in seen:
+ continue
+ seen.add(key)
 saml_attribute = definition.to_lasso_attribute(ctx)
 if not saml_attribute:
 continue
- logger.debug('adding attribute %r with value %r',
- definition.name, ctx.get(definition.attribute_name))
+ logger.debug('adding attribute %r with value %r', definition.name,
+ value)
 saml_attributes.append(saml_attribute)
 attribute_statement.attribute = saml_attributes
 
 
 def saml2_add_attribute_values(assertion, attributes):
 if not attributes:
 logger.info("\
 there are no attributes to add")
-- 
1.9.1
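Review bot: The new dedup key in the `for definition in qs:` loop places `ctx.get(definition.attribute_name)` directly into a tuple that `key in seen` must hash, so if the context holds a multi-valued attribute as a list (not visible here, but plausible for the LDAP-sourced attributes the commit message mentions) the lookup raises `TypeError` and no assertion is issued for that login. Normalising the value before building the key would avoid this, for example `hashable = tuple(value) if isinstance(value, list) else value` followed by `key = (definition.name, definition.name_format, hashable)`. The key is also added to `seen` before `to_lasso_attribute()` is known to have produced anything, and attributes already present in `attribute_statement.attribute` are not taken into account; a short comment stating that the dedup covers only definitions processed in this loop would make that limit explicit. `add_attributes` starts above this hunk, so how `ctx` is populated and which value types it can carry cannot be confirmed from here.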