IdentityPython
diff --git a/‎example/README
Lines changed: 5 additions & 1 deletion b/‎example/README
Lines changed: 5 additions & 1 deletion
diff --git a/‎example/all.sh
Lines changed: 37 additions & 0 deletions b/‎example/all.sh
Lines changed: 37 additions & 0 deletions
diff --git a/‎example/run.sh
Lines changed: 0 additions & 16 deletions b/‎example/run.sh
Lines changed: 0 additions & 16 deletions
diff --git a/‎example/sp-wsgi/conf.py renamed to ‎example/sp-wsgi/conf.py.example
Lines changed: 0 additions & 2 deletions b/‎example/sp-wsgi/conf.py renamed to ‎example/sp-wsgi/conf.py.example
Lines changed: 0 additions & 2 deletions
diff --git a/‎setup.py
Lines changed: 1 addition & 1 deletion b/‎setup.py
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/saml2/assertion.py
Lines changed: 36 additions & 24 deletions b/‎src/saml2/assertion.py
Lines changed: 36 additions & 24 deletions
diff --git a/‎src/saml2/attribute_converter.py
Lines changed: 7 additions & 0 deletions b/‎src/saml2/attribute_converter.py
Lines changed: 7 additions & 0 deletions
diff --git a/‎src/saml2/attributemaps/saml_uri.py
Lines changed: 1 addition & 0 deletions b/‎src/saml2/attributemaps/saml_uri.py
Lines changed: 1 addition & 0 deletions
@@ -21,6 +21,10 @@ To make it easy, for me :-), both the IdP and the SP uses the same keys.
 
 To run the setup do
 
-./run.sh
+./all.sh start
 
 and then use your favourit webbrowser to look at "http://localhost:8087/whoami"
+
+./all stop
+
+will of course stop your IdP and SP.
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+startme() {
+    cd sp-wsgi
+    if [ ! -f conf.py ] ; then
+        cp conf.py.example conf.py
+    fi
+    ../../tools/make_metadata.py conf > sp.xml
+
+    cd ../idp2
+    if [ ! -f idp_conf.py ] ; then
+        cp idp_conf.py.example conf.py
+    fi
+    ../../tools/make_metadata.py idp_conf > idp.xml
+
+    cd ../sp-wsgi
+    ./sp.py conf &
+
+    cd ../idp2
+    ./idp.py idp_conf &
+
+    cd ..
+}
+
+stopme() {
+    pkill -f "sp.py"
+    pkill -f "idp.py"
+}
+
+case "$1" in
+    start)   startme ;;
+    stop)    stopme ;;
+    restart) stopme; startme ;;
+    *) echo "usage: $0 start|stop|restart" >&2
+       exit 1
+       ;;
+esac
@@ -35,7 +35,5 @@
     "cert_file": "pki/mycert.pem",
     "xmlsec_binary": xmlsec_path,
     "metadata": {"local": ["../idp2/idp.xml"]},
-    #"metadata": {"mdfile": ["./swamid2.md"]},
-    #"metadata": {"local": ["./swamid-2.0.xml"]},
     "name_form": NAME_FORMAT_URI,
 }
@@ -66,7 +66,7 @@ def run_tests(self):
 
 setup(
     name='pysaml2',
-    version='2.0.0beta',
+    version='2.0.1beta',
     description='Python implementation of SAML Version 2 to be used in a WSGI environment',
     # long_description = read("README"),
     author='Roland Hedberg',
 
@@ -24,7 +24,7 @@
 from saml2 import saml
 
 from saml2.time_util import instant, in_a_while
-from saml2.attribute_converter import from_local
+from saml2.attribute_converter import from_local, get_local_name
 from saml2.s_utils import sid, MissingValue
 from saml2.s_utils import factory
 from saml2.s_utils import assertion_factory
@@ -78,7 +78,7 @@ def _match(attr, ava):
     return None
 
 
-def filter_on_attributes(ava, required=None, optional=None):
+def filter_on_attributes(ava, required=None, optional=None, acs=None):
     """ Filter
     
     :param ava: An attribute value assertion as a dictionary
@@ -93,27 +93,33 @@ def filter_on_attributes(ava, required=None, optional=None):
     if required is None:
         required = []
 
+    nform = "friendly_name"
     for attr in required:
-        found = False
-        nform = ""
-        for nform in ["friendly_name", "name"]:
-            try:
-                _fn = _match(attr[nform], ava)
-            except KeyError:
-                pass
+        try:
+            _name = attr[nform]
+        except KeyError:
+            if nform == "friendly_name":
+                _name = get_local_name(acs, attr["name"],
+                                       attr["name_format"])
             else:
-                if _fn:
-                    try:
-                        values = [av["text"] for av in attr["attribute_value"]]
-                    except KeyError:
-                        values = []
-                    res[_fn] = _filter_values(ava[_fn], values, True)
-                    found = True
-                    break
+                continue
+
+        _fn = _match(_name, ava)
+        if not _fn:  # In the unlikely case that someone has provided us
+                     # with URIs as attribute names
+            _fn = _match(attr["name"], ava)
 
-        if not found:
-            raise MissingValue("Required attribute missing: '%s'" % (
-                attr[nform],))
+        if _fn:
+            try:
+                values = [av["text"] for av in attr["attribute_value"]]
+            except KeyError:
+                values = []
+            res[_fn] = _filter_values(ava[_fn], values, True)
+            continue
+        else:
+            desc = "Required attribute missing: '%s' (%s)" % (attr["name"],
+                                                              _name)
+            raise MissingValue(desc)
 
     if optional is None:
         optional = []
@@ -311,7 +317,8 @@ def __init__(self, restrictions=None):
             self.compile(restrictions)
         else:
             self._restrictions = None
-    
+        self.acs = []
+
     def compile(self, restrictions):
         """ This is only for IdPs or AAs, and it's about limiting what
         is returned to the SP.
@@ -484,7 +491,8 @@ def filter(self, ava, sp_entity_id, mdstore, required=None, optional=None):
         ava = filter_attribute_value_assertions(ava, _rest)
 
         if required or optional:
-            ava = filter_on_attributes(ava, required, optional)
+            logger.debug("required: %s, optional: %s" % (required, optional))
+            ava = filter_on_attributes(ava, required, optional, self.acs)
 
         return ava
 
@@ -540,8 +548,10 @@ class Assertion(dict):
 
     def __init__(self, dic=None):
         dict.__init__(self, dic)
-    
-    def _authn_context_decl(self, decl, authn_auth=None):
+        self.acs = []
+
+    @staticmethod
+    def _authn_context_decl(decl, authn_auth=None):
         """
         Construct the authn context with a authn context declaration
         :param decl: The authn context declaration
@@ -726,6 +736,8 @@ def apply_policy(self, sp_entity_id, policy, metadata=None):
         :param metadata: Metadata to use
         :return: The resulting AVA after the policy is applied
         """
+
+        policy.acs = self.acs
         ava = policy.restrict(self, sp_entity_id, metadata)
         self.update(ava)
         return ava
@@ -255,6 +255,13 @@ def to_local_name(acs, attr):
     return attr.friendly_name
 
 
+def get_local_name(acs, attr, name_format):
+    for aconv in acs:
+        #print ac.format, name_format
+        if aconv.name_format == name_format:
+            return aconv._fro[attr]
+
+
 def d_to_local_name(acs, attr):
     """
     :param acs: List of AttributeConverter instances
 
@@ -177,6 +177,7 @@
         'edupersonaffiliation': EDUPERSON_OID+'1',
         'eduPersonPrincipalName': EDUPERSON_OID+'6',
         'edupersonprincipalname': EDUPERSON_OID+'6',
+        'eppn': EDUPERSON_OID+'6',
         'localityName': X500ATTR_OID+'7',
         'owner': X500ATTR_OID+'32',
         'norEduOrgUnitUniqueNumber': NOREDUPERSON_OID+'2',
Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,5 @@`
`35`	`35`	`"cert_file": "pki/mycert.pem",`
`36`	`36`	`"xmlsec_binary": xmlsec_path,`
`37`	`37`	`"metadata": {"local": ["../idp2/idp.xml"]},`
`38`		`- #"metadata": {"mdfile": ["./swamid2.md"]},`
`39`		`- #"metadata": {"local": ["./swamid-2.0.xml"]},`
`40`	`38`	`"name_form": NAME_FORMAT_URI,`
`41`	`39`	`}`