#129 do not split attribute mappings for URL attributes
Merged 7 years ago by dtheisen. Opened 7 years ago by dtheisen.
dtheisen/ipsilon master  into  master

file modified
+10 -2
@@ -363,7 +363,11 @@ 

  

      # perform requested changes

      for index, val in change.iteritems():

-         val_list = val.split('/')

+         if val.startswith(('http://', 'https://')):

+             val_list = [val]

+         else:

+             val_list = val.split('/')

+ 

          stripped = list()

          for v in val_list:

              stripped.append(v.strip())
@@ -431,7 +435,11 @@ 

          for k in 'from', 'to':

              if k in fields:

                  val = fields[k]

-                 val_list = val.split('/')

+                 if val.startswith(('http://', 'https://')):

+                     val_list = [val]

+                 else:

+                     val_list = val.split('/')

+ 

                  stripped = list()

                  for v in val_list:

                      stripped.append(v.strip())
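Review bot: The URL test in both hunks runs on the raw `val`, before the per-element `strip()` that follows, so a value with leading whitespace or an upper-case scheme misses the prefix check and is still split on `/`. Normalising first would keep the two branches consistent: put `val = val.strip()` ahead of the test, and use `val.lower().startswith(('http://', 'https://'))` if scheme case should not matter. The same four lines are now duplicated at both sites; a small shared helper with a comment such as `# URL-style attribute names (e.g. SAML attribute URIs) are kept whole, everything else is a '/'-separated path` would stop them drifting apart. That matters because these values presumably decide which attribute names are mapped and released to a service provider. Both enclosing functions start and end outside the hunks.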

file modified
+70 -26
@@ -214,9 +214,10 @@ 

  

      print "testmapping: Set default global mapping ...",

      try:

-         sess.set_attributes_and_mapping(idpname,

-                                         [['*', '*'],

-                                          ['fullname', 'namefull']])

+         sess.set_attributes_and_mapping(

+             idpname,

+             [['*', '*'],

+              ['fullname', 'namefull']])

      except Exception, e:  # pylint: disable=broad-except

          print >> sys.stderr, " ERROR: %s" % repr(e)

          sys.exit(1)
@@ -242,8 +243,10 @@ 

  

      print "testmapping: Set default allowed attributes ...",

      try:

-         sess.set_attributes_and_mapping(idpname, [],

-                                         ['namefull', 'givenname', 'surname'])

+         sess.set_attributes_and_mapping(

+             idpname,

+             [],

+             ['namefull', 'givenname', 'surname'])

      except Exception, e:  # pylint: disable=broad-except

          print >> sys.stderr, " ERROR: %s" % repr(e)

          sys.exit(1)
@@ -266,9 +269,10 @@ 

  

      print "testmapping: Set SP allowed attributes ...",

      try:

-         sess.set_attributes_and_mapping(idpname, [['*', '*']],

-                                         ['wholename', 'givenname', 'surname',

-                                         'email', 'fullname'], sp['name'])

+         sess.set_attributes_and_mapping(

+             idpname, [['*', '*']],

+             ['wholename', 'givenname', 'surname',

+              'email', 'fullname'], sp['name'])

      except Exception, e:  # pylint: disable=broad-except

          print >> sys.stderr, " ERROR: %s" % repr(e)

          sys.exit(1)
@@ -292,13 +296,14 @@ 

  

      print "testmapping: Set SP attribute mapping ...",

      try:

-         sess.set_attributes_and_mapping(idpname,

-                                         [['*', '*'],

-                                          ['fullname', 'wholename']],

-                                         ['wholename', 'givenname',

-                                          'surname',

-                                          'email', 'fullname'],

-                                         sp['name'])

+         sess.set_attributes_and_mapping(

+             idpname,

+             [['*', '*'],

+              ['fullname', 'wholename']],

+             ['wholename', 'givenname',

+              'surname',

+              'email', 'fullname'],

+             sp['name'])

      except Exception, e:  # pylint: disable=broad-except

          print >> sys.stderr, " ERROR: %s" % repr(e)

          sys.exit(1)
@@ -321,16 +326,54 @@ 

      else:

          print " SUCCESS"

  

+     print "testmapping: Set SP URL attribute mapping ...",

+     try:

+         sess.set_attributes_and_mapping(

+             idpname,

+             [['*', '*'],

+              ['fullname', 'http://localhost/SAML/Name'],

+              ['fullname', 'https://localhost/SAML/Name']],

+             ['http://localhost/SAML/Name',

+              'https://localhost/SAML/Name',

+              'givenname',

+              'surname',

+              'email',

+              'fullname'],

+             sp['name'])

+     except Exception, e:  # pylint: disable=broad-except

+         print >> sys.stderr, " ERROR: %s" % repr(e)

+         sys.exit(1)

+     else:

+         print " SUCCESS"

+ 

+     print "testmapping: Test SP URL attribute mapping ...",

+     try:

+         expect = {

+             'http://localhost/SAML/Name': 'Test User %s' % user,

+             'https://localhost/SAML/Name': 'Test User %s' % user,

+             'fullname': 'Test User %s' % user,

+             'surname': user,

+             'givenname': u'Test User 一',

+             'email': '%s@example.com' % user,

+         }

+         check_info_plugin(sess, idpname, spurl, expect)

+     except Exception, e:  # pylint: disable=broad-except

+         print >> sys.stderr, " ERROR: %s" % repr(e)

+         sys.exit(1)

+     else:

+         print " SUCCESS"

+ 

      print "testmapping: Set SP username mapping ...",

      try:

-         sess.set_attributes_and_mapping(idpname,

-                                         [['*', '*'],

-                                          ['fullname', 'wholename'],

-                                          ['email', '_username']],

-                                         ['wholename', 'givenname',

-                                          'surname',

-                                          'email', 'fullname'],

-                                         sp['name'])

+         sess.set_attributes_and_mapping(

+             idpname,

+             [['*', '*'],

+              ['fullname', 'wholename'],

+              ['email', '_username']],

+             ['wholename', 'givenname',

+              'surname',

+              'email', 'fullname'],

+             sp['name'])

      except Exception, e:  # pylint: disable=broad-except

          print >> sys.stderr, " ERROR: %s" % repr(e)

          sys.exit(1)
@@ -356,9 +399,10 @@ 

  

      print "testmapping: Drop SP attribute mapping ...",

      try:

-         sess.set_attributes_and_mapping(idpname, [],

-                                         ['givenname', 'surname', 'email',

-                                          'fullname'], sp['name'])

+         sess.set_attributes_and_mapping(

+             idpname, [],

+             ['givenname', 'surname', 'email',

+              'fullname'], sp['name'])

      except Exception, e:  # pylint: disable=broad-except

          print >> sys.stderr, " ERROR: %s" % repr(e)

          sys.exit(1)
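Review bot: The new URL-mapping test in the `@@ -321,16 +326,54 @@` hunk only places the URL in the second element of each mapping pair, so, assuming the pairs are [from, to], a URL on the `'from'` side is never exercised even though the code change handles both keys. It also never asserts that a non-URL value containing `/` is still split, which is the behaviour the `else` branch is meant to preserve. One extra pair with a URL as the first element, plus one check using a slash-separated plain name, would pin both branches. The remaining hunks in this file only re-indent the existing calls, and the enclosing test function starts and ends outside them.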

This fixes the split logic for attribute mapping so that attributes can be named after URLs beginning with http:// or https://

Just for clarification, this is to add support for the Amazon AWS SSO console, as documented here: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.htm

I would prefer to combine them like: val.startswith(('http://', 'https://')):

Note that val_list is not yet defined at this place. You probably want to do: val_list = [val]

rebased

7 years ago

rebased

7 years ago

rebased

7 years ago

rebased

7 years ago

rebased

7 years ago

Commit e9064a3 fixes this pull-request

Pull-Request has been merged by daniel.theisen@foresee.com

7 years ago