From 7ede526883abea49e5a86070241daf516ec84e99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Thu, 11 Jun 2015 11:35:31 +0200
Subject: [PATCH] saml: handle empty user-roles attributes (#7532)

---
 wcs/qommon/saml2.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/wcs/qommon/saml2.py b/wcs/qommon/saml2.py
index 79e93df..1fd5a00 100644
--- a/wcs/qommon/saml2.py
+++ b/wcs/qommon/saml2.py
@@ -431,10 +431,14 @@ class Saml2Directory(Directory):
         m = {}
         try:
             for attribute in assertion.attributeStatement[0].attribute:
+                # always mark the attribute as being present, even if it won't
+                # have any value, as an empty value (role-slug) must not be
+                # ignored.
+                m.setdefault(attribute.name, [])
                 try:
                     d[attribute.name] = attribute.attributeValue[0].any[0].content
                     for attribute_value in attribute.attributeValue:
-                        l = m.setdefault(attribute.name, [])
+                        l = m[attribute.name]
                         l.append(attribute_value.any[0].content)
                 except IndexError:
                     pass
-- 
2.1.4