Merge branch 'upstream' into attribute-generation

Author: leifj

doc/README.md

@@ -242,6 +242,18 @@ config:
         idp-entity-id1
             sp-entity-id1:
                 exclude: ["givenName"]
+
+
+The custom_attribute_release mechanism supports defaults based on idp and sp entity Id by specifying "" or "default"
+as the key in the dict. For instance in order to exclude givenName for any sp or idp do this:
+
+```yaml
+config:
+    config: [...]
+    custom_attribute_release:
+        "default":
+            "":
+                exclude: ["givenName"]
 
 
 #### Backend

src/satosa/backends/saml2.py

@@ -214,10 +214,16 @@ def _translate_response(self, response, state):
         issuer = response.response.issuer.text
 
         auth_info = AuthenticationInformation(auth_class_ref, timestamp, issuer)
-        internal_resp = InternalResponse(auth_info=auth_info)
+        internal_resp = SAMLInternalResponse(auth_info=auth_info)
 
         internal_resp.user_id = response.get_subject().text
         internal_resp.attributes = self.converter.to_internal(self.attribute_profile, response.ava)
+        
+        # The SAML response may not include a NameID
+        try:
+            internal_resp.name_id = response.assertion.subject.name_id
+        except AttributeError:
+            pass
 
         satosa_logging(logger, logging.DEBUG, "received attributes:\n%s" % json.dumps(response.ava, indent=4), state)
         return internal_resp
@@ -315,3 +321,32 @@ def get_metadata_desc(self):
 
             entity_descriptions.append(description)
         return entity_descriptions
+
+class SAMLInternalResponse(InternalResponse):
+    """
+    Like the parent InternalResponse, holds internal representation of 
+    service related data, but includes additional details relevant to
+    SAML interoperability.
+
+    :type name_id: instance of saml2.saml.NameID from pysaml2
+    """
+    def __init__(self, auth_info=None):
+        super().__init__(auth_info)
+
+        self.name_id = None
+
+    def to_dict(self):
+        """
+        Converts a SAMLInternalResponse object to a dict
+        :rtype: dict[str, dict[str, str] | str]
+        :return: A dict representation of the object
+        """
+        _dict = super().to_dict()
+
+        if self.name_id:
+            _dict['name_id'] = {self.name_id.format : self.name_id.text}
+        else:
+            _dict['name_id'] = None
+
+        return _dict
+

src/satosa/frontends/saml2.py

@@ -21,6 +21,7 @@
 from ..response import Response
 from ..response import ServiceError
 from ..saml_util import make_saml_response
+from ..util import get_dict_defaults
 
 logger = logging.getLogger(__name__)
 
@@ -271,9 +272,10 @@ def _handle_authn_response(self, context, internal_response, idp):
         else:
             auth_info["class_ref"] = internal_response.auth_info.auth_class_ref
 
+        auth_info["authn_auth"] = internal_response.auth_info.issuer
+
         if self.custom_attribute_release:
-            custom_release_per_idp = self.custom_attribute_release.get(internal_response.auth_info.issuer, {})
-            custom_release = custom_release_per_idp.get(resp_args["sp_entity_id"], {})
+            custom_release = get_dict_defaults(self.custom_attribute_release, internal_response.auth_info.issuer, resp_args["sp_entity_id"])
             attributes_to_remove = custom_release.get("exclude", [])
             for k in attributes_to_remove:
                 ava.pop(k, None)

src/satosa/util.py

@@ -7,6 +7,10 @@
 
 logger = logging.getLogger(__name__)
 
+def get_dict_defaults(d, *keys):
+    for key in keys:
+       d = d.get(key, d.get("", d.get("default", {})))
+    return d
 
 def rndstr(size=16, alphabet=""):
     """