11"""
2- SATOSA microservice that uses an identifier asserted by
2+ SATOSA microservice that uses an identifier asserted by
33the home organization SAML IdP as a key to search an LDAP
44directory for a record and then consume attributes from
55the record and assert them to the receiving SP.
@@ -121,9 +121,9 @@ def _construct_filter_value(self, candidate, data):
121121 Construct and return a LDAP directory search filter value from the
122122 candidate identifier.
123123
124- Argument 'canidate' is a dictionary with one required key and
124+ Argument 'canidate' is a dictionary with one required key and
125125 two optional keys:
126-
126+
127127 key required value
128128 --------------- -------- ---------------------------------
129129 attribute_names Y list of identifier names
@@ -138,7 +138,7 @@ def _construct_filter_value(self, candidate, data):
138138 If the attribute_names list consists of more than one identifier
139139 name then the values of the identifiers will be concatenated together
140140 to create the filter value.
141-
141+
142142 If one of the identifier names in the attribute_names is the string
143143 'name_id' then the NameID value with format name_id_format
144144 will be concatenated to the filter value.
@@ -174,9 +174,9 @@ def _construct_filter_value(self, candidate, data):
174174 if candidate ['name_id_format' ] in name_id :
175175 nameid_value = name_id [candidate ['name_id_format' ]]
176176
177- # Only add the NameID value asserted by the IdP if it is not already
177+ # Only add the NameID value asserted by the IdP if it is not already
178178 # in the list of values. This is necessary because some non-compliant IdPs
179- # have been known, for example, to assert the value of eduPersonPrincipalName
179+ # have been known, for example, to assert the value of eduPersonPrincipalName
180180 # in the value for SAML2 persistent NameID as well as asserting
181181 # eduPersonPrincipalName.
182182 if nameid_value not in values :
@@ -196,7 +196,7 @@ def _construct_filter_value(self, candidate, data):
196196 # to do so.
197197 if 'add_scope' in candidate :
198198 if candidate ['add_scope' ] == 'issuer_entityid' :
199- scope = data .to_dict ()[ ' auth_info' ][ ' issuer' ]
199+ scope = data .auth_info . issuer
200200 else :
201201 scope = candidate ['add_scope' ]
202202 satosa_logging (logger , logging .DEBUG , "Added scope {} to values" .format (scope ), context .state )
@@ -256,9 +256,9 @@ def _ldap_connection_factory(self, config):
256256
257257 try :
258258 connection = ldap3 .Connection (
259- server ,
260- bind_dn ,
261- bind_password ,
259+ server ,
260+ bind_dn ,
261+ bind_password ,
262262 auto_bind = True ,
263263 client_strategy = ldap3 .REUSABLE ,
264264 pool_size = pool_size ,
@@ -284,28 +284,28 @@ def _populate_attributes(self, config, record, context, data):
284284 if record ["attributes" ][attr ]:
285285 data .attributes [search_return_attributes [attr ]] = record ["attributes" ][attr ]
286286 satosa_logging (
287- logger ,
288- logging .DEBUG ,
287+ logger ,
288+ logging .DEBUG ,
289289 "Setting internal attribute {} with values {}" .format (
290- search_return_attributes [attr ],
290+ search_return_attributes [attr ],
291291 record ["attributes" ][attr ]
292- ),
292+ ),
293293 context .state
294294 )
295295 else :
296296 satosa_logging (
297- logger ,
298- logging .DEBUG ,
297+ logger ,
298+ logging .DEBUG ,
299299 "Not setting internal attribute {} because value {} is null or empty" .format (
300- search_return_attributes [attr ],
300+ search_return_attributes [attr ],
301301 record ["attributes" ][attr ]
302- ),
302+ ),
303303 context .state
304304 )
305305
306306 def _populate_input_for_name_id (self , config , record , context , data ):
307307 """
308- Use a record found in LDAP to populate input for
308+ Use a record found in LDAP to populate input for
309309 NameID generation.
310310 """
311311 user_id = ""
@@ -320,32 +320,32 @@ def _populate_input_for_name_id(self, config, record, context, data):
320320 value .sort ()
321321 user_id += "" .join (value )
322322 satosa_logging (
323- logger ,
324- logging .DEBUG ,
325- "Added attribute {} with values {} to input for NameID" .format (attr , v ),
323+ logger ,
324+ logging .DEBUG ,
325+ "Added attribute {} with values {} to input for NameID" .format (attr , value ),
326326 context .state
327327 )
328328 else :
329329 user_id += value
330330 satosa_logging (
331- logger ,
332- logging .DEBUG ,
333- "Added attribute {} with value {} to input for NameID" .format (attr , value ),
331+ logger ,
332+ logging .DEBUG ,
333+ "Added attribute {} with value {} to input for NameID" .format (attr , value ),
334334 context .state
335335 )
336336 if not user_id :
337337 satosa_logging (
338- logger ,
339- logging .WARNING ,
340- "Input for NameID is empty so not overriding default" ,
338+ logger ,
339+ logging .WARNING ,
340+ "Input for NameID is empty so not overriding default" ,
341341 context .state
342342 )
343343 else :
344344 data .user_id = user_id
345345 satosa_logging (
346- logger ,
347- logging .DEBUG ,
348- "Input for NameID is {}" .format (data .user_id ),
346+ logger ,
347+ logging .DEBUG ,
348+ "Input for NameID is {}" .format (data .user_id ),
349349 context .state
350350 )
351351
@@ -457,7 +457,7 @@ def process(self, context, data):
457457 # the entityIDs for the target SP and IdP used by the user
458458 # as query string parameters (URL encoded).
459459 encoded_sp_entity_id = urllib .parse .quote_plus (sp_entity_id )
460- encoded_idp_entity_id = urllib .parse .quote_plus (data .to_dict ()[ ' auth_info' ][ ' issuer' ] )
460+ encoded_idp_entity_id = urllib .parse .quote_plus (data .auth_info . issuer )
461461 url = "{}?sp={}&idp={}" .format (on_ldap_search_result_empty , encoded_sp_entity_id , encoded_idp_entity_id )
462462 satosa_logging (logger , logging .INFO , "Redirecting to {}" .format (url ), context .state )
463463 return Redirect (url )
0 commit comments