From 20e2cfb7659ebdc0a4c68ccc9d173b471b213bc7 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Feb 14 2017 08:29:46 +0000 Subject: [PATCH 1/2] Add test to check explicit mapping This test reproduces ticket #242: since we do not have a mapping to _username, the nameid will be None, which leads to an AuthFailed. Signed-off-by: Patrick Uiterwijk
---
diff --git a/tests/testmapping.py b/tests/testmapping.py
index d115207..944c9d4 100755
--- a/tests/testmapping.py
+++ b/tests/testmapping.py
@@ -232,7 +232,7 @@ if __name__ == '__main__':
 'surname': user,
 'givenname': u'Test User δΈ€',
 'email': '%s@example.com' % user,
- 'groups': user
+ 'groups': user,
 }
 check_info_plugin(sess, idpname, spurl, expect)
 except Exception, e: # pylint: disable=broad-except
@@ -363,6 +363,34 @@ if __name__ == '__main__':
 else:
 print " SUCCESS"

+ print "testmapping: Set SP explicit mapping ...",
+ try:
+ sess.set_attributes_and_mapping(
+ idpname,
+ [['fullname', 'wholename'],
+ ['email', 'email']],
+ ['wholename', 'email'],
+ sp['name'])
+ except Exception, e: # pylint: disable=broad-except
+ print >> sys.stderr, " ERROR: %s" % repr(e)
+ sys.exit(1)
+ else:
+ print " SUCCESS"
+
+ print "testmapping: Test SP explicit mapping ...",
+ try:
+ expect = {
+ 'wholename': 'Test User %s' % user,
+ 'email': '%s@example.com' % user,
+ 'NAME_ID': user,
+ }
+ check_info_plugin(sess, idpname, spurl, expect)
+ except Exception, e: # pylint: disable=broad-except
+ print >> sys.stderr, " ERROR: %s" % repr(e)
+ sys.exit(1)
+ else:
+ print " SUCCESS"
+
 print "testmapping: Set SP username mapping ...",
 try:
 sess.set_attributes_and_mapping(
From e7e6cddaa8ff5199e1dbd75e95f84ac91e935253 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Feb 14 2017 08:47:09 +0000 Subject: [PATCH 2/2] Add implicit _* -> _* mapping This adds an always-active mapping of internal attributes to the mapped dict. These can still be overriden by the admin, but it makes sure that we always have them at least. Fixes: #242
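Review bot: The new "Test SP explicit mapping" step in the second hunk (`@@ -363,6 +363,34 @@`) pins only the positive case, that `NAME_ID` reaches the SP when the mapping has no entry for `_username`. Since the allowed list passed to `set_attributes_and_mapping` is `['wholename', 'email']`, this step is also the natural place to record that no `_`-prefixed internal attribute is released to the SP; whether `check_info_plugin` already rejects unexpected keys is not visible here. A comment above `expect` such as `# SP must receive only wholename, email and NAME_ID; no _* attributes` would state that intent. The enclosing `if __name__ == '__main__':` block starts and ends outside the hunk.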
Signed-off-by: Patrick Uiterwijk
---
diff --git a/ipsilon/util/policy.py b/ipsilon/util/policy.py
index 1d8adad..0501870 100644
--- a/ipsilon/util/policy.py
+++ b/ipsilon/util/policy.py
@@ -185,6 +185,13 @@ class Policy(Log):
 not_mapped = copy.deepcopy(attributes)
 mapped = dict()

+ # This is an implicit _* -> _* mapping.
+ # This is done because we expect certain internal attributes (_*) to be
+ # passed along always.
+ for k in attributes:
+ if k.startswith('_'):
+ mapped[k] = attributes[k]
+
 # If ignore_case is True,
 # then PD translates case insensitively prefixes
 PD = dict()
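Review bot: The implicit loop copies every key starting with `_` into `mapped`, which is broader than the one attribute the ticket needs (`_username`, per the first commit's message), so any other internal attribute present in `attributes` now bypasses the admin's mapping policy by default. Whether those values can reach an SP depends on the allowed-attributes filtering outside this hunk; if that filter is not guaranteed to drop them, restrict the copy to a named set, e.g. `if k in <allowlist of internal attributes>:` (placeholder name) instead of `if k.startswith('_'):`. The copied keys are also left in `not_mapped`, which was deep-copied from `attributes` just above, so they appear on both sides unless later code removes them, and `startswith` assumes every key is a string. The function body starts and ends outside the hunk.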