Merge pull request #99 from leifj/attribute-filter-config

enable defaults for custom attribute release using '' or 'default' key

Author: johanlundberg

doc/README.md

@@ -242,6 +242,18 @@ config:
         idp-entity-id1
             sp-entity-id1:
                 exclude: ["givenName"]
+
+
+The custom_attribute_release mechanism supports defaults based on idp and sp entity Id by specifying "" or "default"
+as the key in the dict. For instance in order to exclude givenName for any sp or idp do this:
+
+```yaml
+config:
+    config: [...]
+    custom_attribute_release:
+        "default":
+            "":
+                exclude: ["givenName"]
 
 
 #### Backend

src/satosa/frontends/saml2.py

@@ -21,6 +21,7 @@
 from ..response import Response
 from ..response import ServiceError
 from ..saml_util import make_saml_response
+from ..util import get_dict_defaults
 
 logger = logging.getLogger(__name__)
 
@@ -274,8 +275,7 @@ def _handle_authn_response(self, context, internal_response, idp):
         auth_info["authn_auth"] = internal_response.auth_info.issuer
 
         if self.custom_attribute_release:
-            custom_release_per_idp = self.custom_attribute_release.get(internal_response.auth_info.issuer, {})
-            custom_release = custom_release_per_idp.get(resp_args["sp_entity_id"], {})
+            custom_release = get_dict_defaults(self.custom_attribute_release, internal_response.auth_info.issuer, resp_args["sp_entity_id"])
             attributes_to_remove = custom_release.get("exclude", [])
             for k in attributes_to_remove:
                 ava.pop(k, None)

src/satosa/util.py

@@ -7,6 +7,10 @@
 
 logger = logging.getLogger(__name__)
 
+def get_dict_defaults(d, *keys):
+    for key in keys:
+       d = d.get(key, d.get("", d.get("default", {})))
+    return d
 
 def rndstr(size=16, alphabet=""):
     """