22SATOSA microservice that uses a configured ordered list of
33attributes that may be asserted by a SAML IdP to construct
44a primary identifier or key for the user and assert it as
5- the value for a configured attribute, for example uid.
5+ the value for a configured attribute, for example uid.
66"""
77
88import satosa .micro_services .base
@@ -34,7 +34,7 @@ def constructPrimaryIdentifier(self, data, ordered_identifier_candidates):
3434 Construct and return a primary identifier value from the
3535 data asserted by the IdP using the ordered list of candidates
3636 from the configuration.
37- """
37+ """
3838 logprefix = PrimaryIdentifier .logprefix
3939 context = self .context
4040
@@ -63,9 +63,9 @@ def constructPrimaryIdentifier(self, data, ordered_identifier_candidates):
6363 if candidate ['name_id_format' ] in name_id :
6464 nameid_value = name_id [candidate ['name_id_format' ]]
6565
66- # Only add the NameID value asserted by the IdP if it is not already
66+ # Only add the NameID value asserted by the IdP if it is not already
6767 # in the list of values. This is necessary because some non-compliant IdPs
68- # have been known, for example, to assert the value of eduPersonPrincipalName
68+ # have been known, for example, to assert the value of eduPersonPrincipalName
6969 # in the value for SAML2 persistent NameID as well as asserting
7070 # eduPersonPrincipalName.
7171 if nameid_value not in values :
@@ -85,7 +85,7 @@ def constructPrimaryIdentifier(self, data, ordered_identifier_candidates):
8585 # to do so.
8686 if 'add_scope' in candidate :
8787 if candidate ['add_scope' ] == 'issuer_entityid' :
88- scope = data .to_dict ()[ ' auth_info' ][ ' issuer' ]
88+ scope = data .auth_info . issuer
8989 else :
9090 scope = candidate ['add_scope' ]
9191 satosa_logging (logger , logging .DEBUG , "{} Added scope {} to values" .format (logprefix , scope ), context .state )
@@ -118,7 +118,7 @@ def process(self, context, data):
118118
119119 # Find the entityID for the IdP that issued the assertion
120120 try :
121- idpEntityID = data .to_dict ()[ ' auth_info' ][ ' issuer' ]
121+ idpEntityID = data .auth_info . issuer
122122 except KeyError as err :
123123 satosa_logging (logger , logging .ERROR , "{} Unable to determine the entityID for the IdP issuer" .format (logprefix ), context .state )
124124 return super ().process (context , data )
@@ -133,7 +133,7 @@ def process(self, context, data):
133133 if spEntityID in self .config :
134134 config = self .config [spEntityID ]
135135 satosa_logging (logger , logging .DEBUG , "{} For SP {} using configuration {}" .format (logprefix , spEntityID , config ), context .state )
136-
136+
137137 # Obtain configuration details from the per-SP configuration or the default configuration
138138 try :
139139 if 'ordered_identifier_candidates' in config :
@@ -179,11 +179,11 @@ def process(self, context, data):
179179 if not primary_identifier_val :
180180 satosa_logging (logger , logging .WARN , "{} No primary identifier found" .format (logprefix ), context .state )
181181 if on_error :
182- # Redirect to the configured error handling service with
182+ # Redirect to the configured error handling service with
183183 # the entityIDs for the target SP and IdP used by the user
184184 # as query string parameters (URL encoded).
185185 encodedSpEntityID = urllib .parse .quote_plus (spEntityID )
186- encodedIdpEntityID = urllib .parse .quote_plus (data .to_dict ()[ ' auth_info' ][ ' issuer' ] )
186+ encodedIdpEntityID = urllib .parse .quote_plus (data .auth_info . issuer )
187187 url = "{}?sp={}&idp={}" .format (on_error , encodedSpEntityID , encodedIdpEntityID )
188188 satosa_logging (logger , logging .INFO , "{} Redirecting to {}" .format (logprefix , url ), context .state )
189189 return Redirect (url )
0 commit comments