Allow adding an AuthnStatement instance to the Assertion construct and Server authn_response methods.

Author: Roland Hedberg

src/saml2/assertion.py

@@ -666,7 +666,7 @@ def construct(self, sp_entity_id, in_response_to, consumer_url,
                   name_id, attrconvs, policy, issuer, authn_class=None,
                   authn_auth=None, authn_decl=None, encrypt=None,
                   sec_context=None, authn_decl_ref=None, authn_instant="",
-                  subject_locality=""):
+                  subject_locality="", authn_statem=None):
         """ Construct the Assertion
 
         :param sp_entity_id: The entityid of the SP
@@ -687,6 +687,7 @@ def construct(self, sp_entity_id, in_response_to, consumer_url,
         :param subject_locality: Specifies the DNS domain name and IP address
             for the system from which the assertion subject was apparently
             authenticated.
+        :param authn_statem: A AuthnStatement instance
         :return: An Assertion instance
         """
 
@@ -711,15 +712,16 @@ def construct(self, sp_entity_id, in_response_to, consumer_url,
         # start using now and for some time
         conds = policy.conditions(sp_entity_id)
 
-        if authn_auth or authn_class or authn_decl or authn_decl_ref:
+        if authn_statem:
+            _authn_statement = authn_statem
+        elif authn_auth or authn_class or authn_decl or authn_decl_ref:
             _authn_statement = authn_statement(authn_class, authn_auth,
                                                authn_decl, authn_decl_ref,
                                                authn_instant,
                                                subject_locality)
         else:
             _authn_statement = None
 
-
         _ass = assertion_factory(
             issuer=issuer,
             conditions=conds,

src/saml2/server.py

@@ -282,7 +282,8 @@ def _authn_response(self, in_response_to, consumer_url,
                         sp_entity_id, identity=None, name_id=None,
                         status=None, authn=None, issuer=None, policy=None,
                         sign_assertion=False, sign_response=False,
-                        best_effort=False, encrypt_assertion=False, encrypt_cert=None):
+                        best_effort=False, encrypt_assertion=False,
+                        encrypt_cert=None, authn_statement=None):
         """ Create a response. A layer of indirection.
 
         :param in_response_to: The session identifier of the request
@@ -328,6 +329,12 @@ def _authn_response(self, in_response_to, consumer_url,
                                       self.config.attribute_converters,
                                       policy, issuer=_issuer,
                                       **authn_args)
+        elif authn_statement:  # Got a complete AuthnStatement
+            assertion = ast.construct(sp_entity_id, in_response_to,
+                                      consumer_url, name_id,
+                                      self.config.attribute_converters,
+                                      policy, issuer=_issuer,
+                                      authn_statem=authn_statement)
         else:
             assertion = ast.construct(sp_entity_id, in_response_to,
                                       consumer_url, name_id,
@@ -427,7 +434,8 @@ def create_attribute_response(self, identity, in_response_to, destination,
     def create_authn_response(self, identity, in_response_to, destination,
                               sp_entity_id, name_id_policy=None, userid=None,
                               name_id=None, authn=None, issuer=None,
-                              sign_response=None, sign_assertion=None, encrypt_cert=None, encrypt_assertion=None,
+                              sign_response=None, sign_assertion=None,
+                              encrypt_cert=None, encrypt_assertion=None,
                               **kwargs):
         """ Constructs an AuthenticationResponse