From e9064a3d013abfb4c7b5653ff31b688332063a45 Mon Sep 17 00:00:00 2001 From: Dan Theisen Date: Oct 07 2016 21:49:48 +0000 Subject: Allow attributes to be mapped to URL's Do not split attribute mappings for URL attributes and filters in SP configuation page. This allows compatibility with Service Providers like Amazon AWS. Add test code for URL attribute mapping. Fix formatting of testmapping.py. Merges: #129 Signed-off-by: Dan Theisen Reviewed-by: Patrick Uiterwijk --- diff --git a/ipsilon/admin/common.py b/ipsilon/admin/common.py index 794ed73..adc0659 100644 --- a/ipsilon/admin/common.py +++ b/ipsilon/admin/common.py @@ -363,7 +363,11 @@ def get_complex_list_value(name, old_value, **kwargs): # perform requested changes for index, val in change.iteritems(): - val_list = val.split('/') + if val.startswith(('http://', 'https://')): + val_list = [val] + else: + val_list = val.split('/') + stripped = list() for v in val_list: stripped.append(v.strip()) @@ -431,7 +435,11 @@ def get_mapping_list_value(name, old_value, **kwargs): for k in 'from', 'to': if k in fields: val = fields[k] - val_list = val.split('/') + if val.startswith(('http://', 'https://')): + val_list = [val] + else: + val_list = val.split('/') + stripped = list() for v in val_list: stripped.append(v.strip()) diff --git a/tests/testmapping.py b/tests/testmapping.py index ac22627..d115207 100755 --- a/tests/testmapping.py +++ b/tests/testmapping.py @@ -214,9 +214,10 @@ if __name__ == '__main__': print "testmapping: Set default global mapping ...", try: - sess.set_attributes_and_mapping(idpname, - [['*', '*'], - ['fullname', 'namefull']]) + sess.set_attributes_and_mapping( + idpname, + [['*', '*'], + ['fullname', 'namefull']]) except Exception, e: # pylint: disable=broad-except print >> sys.stderr, " ERROR: %s" % repr(e) sys.exit(1) @@ -242,8 +243,10 @@ if __name__ == '__main__': print "testmapping: Set default allowed attributes ...", try: - sess.set_attributes_and_mapping(idpname, [], - ['namefull', 'givenname', 'surname']) + sess.set_attributes_and_mapping( + idpname, + [], + ['namefull', 'givenname', 'surname']) except Exception, e: # pylint: disable=broad-except print >> sys.stderr, " ERROR: %s" % repr(e) sys.exit(1) @@ -266,9 +269,10 @@ if __name__ == '__main__': print "testmapping: Set SP allowed attributes ...", try: - sess.set_attributes_and_mapping(idpname, [['*', '*']], - ['wholename', 'givenname', 'surname', - 'email', 'fullname'], sp['name']) + sess.set_attributes_and_mapping( + idpname, [['*', '*']], + ['wholename', 'givenname', 'surname', + 'email', 'fullname'], sp['name']) except Exception, e: # pylint: disable=broad-except print >> sys.stderr, " ERROR: %s" % repr(e) sys.exit(1) @@ -292,13 +296,14 @@ if __name__ == '__main__': print "testmapping: Set SP attribute mapping ...", try: - sess.set_attributes_and_mapping(idpname, - [['*', '*'], - ['fullname', 'wholename']], - ['wholename', 'givenname', - 'surname', - 'email', 'fullname'], - sp['name']) + sess.set_attributes_and_mapping( + idpname, + [['*', '*'], + ['fullname', 'wholename']], + ['wholename', 'givenname', + 'surname', + 'email', 'fullname'], + sp['name']) except Exception, e: # pylint: disable=broad-except print >> sys.stderr, " ERROR: %s" % repr(e) sys.exit(1) @@ -321,16 +326,54 @@ if __name__ == '__main__': else: print " SUCCESS" + print "testmapping: Set SP URL attribute mapping ...", + try: + sess.set_attributes_and_mapping( + idpname, + [['*', '*'], + ['fullname', 'http://localhost/SAML/Name'], + ['fullname', 'https://localhost/SAML/Name']], + ['http://localhost/SAML/Name', + 'https://localhost/SAML/Name', + 'givenname', + 'surname', + 'email', + 'fullname'], + sp['name']) + except Exception, e: # pylint: disable=broad-except + print >> sys.stderr, " ERROR: %s" % repr(e) + sys.exit(1) + else: + print " SUCCESS" + + print "testmapping: Test SP URL attribute mapping ...", + try: + expect = { + 'http://localhost/SAML/Name': 'Test User %s' % user, + 'https://localhost/SAML/Name': 'Test User %s' % user, + 'fullname': 'Test User %s' % user, + 'surname': user, + 'givenname': u'Test User δΈ€', + 'email': '%s@example.com' % user, + } + check_info_plugin(sess, idpname, spurl, expect) + except Exception, e: # pylint: disable=broad-except + print >> sys.stderr, " ERROR: %s" % repr(e) + sys.exit(1) + else: + print " SUCCESS" + print "testmapping: Set SP username mapping ...", try: - sess.set_attributes_and_mapping(idpname, - [['*', '*'], - ['fullname', 'wholename'], - ['email', '_username']], - ['wholename', 'givenname', - 'surname', - 'email', 'fullname'], - sp['name']) + sess.set_attributes_and_mapping( + idpname, + [['*', '*'], + ['fullname', 'wholename'], + ['email', '_username']], + ['wholename', 'givenname', + 'surname', + 'email', 'fullname'], + sp['name']) except Exception, e: # pylint: disable=broad-except print >> sys.stderr, " ERROR: %s" % repr(e) sys.exit(1) @@ -356,9 +399,10 @@ if __name__ == '__main__': print "testmapping: Drop SP attribute mapping ...", try: - sess.set_attributes_and_mapping(idpname, [], - ['givenname', 'surname', 'email', - 'fullname'], sp['name']) + sess.set_attributes_and_mapping( + idpname, [], + ['givenname', 'surname', 'email', + 'fullname'], sp['name']) except Exception, e: # pylint: disable=broad-except print >> sys.stderr, " ERROR: %s" % repr(e) sys.exit(1)