Added tool to keep attributemaps in sync. Ran it on the standard maps.

Author: Roland Hedberg

src/saml2/attributemaps/adfs_v1x.py

@@ -1,20 +1,18 @@
-# See http://technet.microsoft.com/en-us/library/cc733065(v=ws.10).aspx
-# and http://technet.microsoft.com/en-us/library/ee913589(v=ws.10).aspx
-# for information regarding the default claim types supported by
-# Microsoft ADFS v1.x.
+CLAIMS = 'http://schemas.xmlsoap.org/claims/'
+
 
 MAP = {
     "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified",
-    "fro": {
-        'http://schemas.xmlsoap.org/claims/commonname': 'commonName',
-        'http://schemas.xmlsoap.org/claims/emailaddress': 'emailAddress',
-        'http://schemas.xmlsoap.org/claims/group': 'group',
-        'http://schemas.xmlsoap.org/claims/upn': 'upn',
-        },
-    "to": {
-        'commonName': 'http://schemas.xmlsoap.org/claims/commonname',
-        'emailAddress': 'http://schemas.xmlsoap.org/claims/emailaddress',
-        'group': 'http://schemas.xmlsoap.org/claims/group',
-        'upn': 'http://schemas.xmlsoap.org/claims/upn',
+    'fro': {
+        CLAIMS+'commonname': 'commonName',
+        CLAIMS+'emailaddress': 'emailAddress',
+        CLAIMS+'group': 'group',
+        CLAIMS+'upn': 'upn',
+    },
+    'to': {
+        'commonName': CLAIMS+'commonname',
+        'emailAddress': CLAIMS+'emailaddress',
+        'group': CLAIMS+'group',
+        'upn': CLAIMS+'upn',
     }
 }

src/saml2/attributemaps/adfs_v20.py

@@ -1,47 +1,49 @@
-# See http://technet.microsoft.com/en-us/library/ee913589(v=ws.10).aspx
-# for information regarding the default claim types supported by
-# Microsoft ADFS v2.0.
+CLAIMS = 'http://schemas.xmlsoap.org/claims/'
+COM_WS_CLAIMS = 'http://schemas.xmlsoap.com/ws/2005/05/identity/claims/'
+MS_CLAIMS = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/'
+ORG_WS_CLAIMS = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/'
+
 
 MAP = {
     "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified",
-    "fro": {
-        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress': 'emailAddress',
-        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname': 'givenName',
-        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name': 'name',
-        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn': 'upn',
-        'http://schemas.xmlsoap.org/claims/commonname': 'commonName',
-        'http://schemas.xmlsoap.org/claims/group': 'group',
-        'http://schemas.microsoft.com/ws/2008/06/identity/claims/role': 'role',
-        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname': 'surname',
-        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier': 'privatePersonalId',
-        'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier': 'nameId',
-        'http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod': 'authenticationMethod',
-        'http://schemas.xmlsoap.com/ws/2005/05/identity/claims/denyonlysid': 'denyOnlySid',
-        'http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid': 'denyOnlyPrimarySid',
-        'http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid': 'denyOnlyPrimaryGroupSid',
-        'http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid': 'groupSid',
-        'http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid': 'primaryGroupSid',
-        'http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid': 'primarySid',
-        'http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname': 'windowsAccountName',
-        },
-    "to": {
-        'emailAddress': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
-        'givenName': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname',
-        'name': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
-        'upn': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn',
-        'commonName': 'http://schemas.xmlsoap.org/claims/commonname',
-        'group': 'http://schemas.xmlsoap.org/claims/group',
-        'role': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role',
-        'surname': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname',
-        'privatePersonalId': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier',
-        'nameId': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier',
-        'authenticationMethod': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod',
-        'denyOnlySid': 'http://schemas.xmlsoap.com/ws/2005/05/identity/claims/denyonlysid',
-        'denyOnlyPrimarySid': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid',
-        'denyOnlyPrimaryGroupSid': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid',
-        'groupSid': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid',
-        'primaryGroupSid': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid',
-        'primarySid':  'http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid',
-        'windowsAccountName': 'http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname',
+    'fro': {
+        CLAIMS+'commonname': 'commonName',
+        CLAIMS+'group': 'group',
+        COM_WS_CLAIMS+'denyonlysid': 'denyOnlySid',
+        MS_CLAIMS+'authenticationmethod': 'authenticationMethod',
+        MS_CLAIMS+'denyonlyprimarygroupsid': 'denyOnlyPrimaryGroupSid',
+        MS_CLAIMS+'denyonlyprimarysid': 'denyOnlyPrimarySid',
+        MS_CLAIMS+'groupsid': 'groupSid',
+        MS_CLAIMS+'primarygroupsid': 'primaryGroupSid',
+        MS_CLAIMS+'primarysid': 'primarySid',
+        MS_CLAIMS+'role': 'role',
+        MS_CLAIMS+'windowsaccountname': 'windowsAccountName',
+        ORG_WS_CLAIMS+'emailaddress': 'emailAddress',
+        ORG_WS_CLAIMS+'givenname': 'givenName',
+        ORG_WS_CLAIMS+'name': 'name',
+        ORG_WS_CLAIMS+'nameidentifier': 'nameId',
+        ORG_WS_CLAIMS+'privatepersonalidentifier': 'privatePersonalId',
+        ORG_WS_CLAIMS+'surname': 'surname',
+        ORG_WS_CLAIMS+'upn': 'upn',
+    },
+    'to': {
+        'authenticationMethod': MS_CLAIMS+'authenticationmethod',
+        'commonName': CLAIMS+'commonname',
+        'denyOnlyPrimaryGroupSid': MS_CLAIMS+'denyonlyprimarygroupsid',
+        'denyOnlyPrimarySid': MS_CLAIMS+'denyonlyprimarysid',
+        'denyOnlySid': COM_WS_CLAIMS+'denyonlysid',
+        'emailAddress': ORG_WS_CLAIMS+'emailaddress',
+        'givenName': ORG_WS_CLAIMS+'givenname',
+        'group': CLAIMS+'group',
+        'groupSid': MS_CLAIMS+'groupsid',
+        'name': ORG_WS_CLAIMS+'name',
+        'nameId': ORG_WS_CLAIMS+'nameidentifier',
+        'primaryGroupSid': MS_CLAIMS+'primarygroupsid',
+        'primarySid': MS_CLAIMS+'primarysid',
+        'privatePersonalId': ORG_WS_CLAIMS+'privatepersonalidentifier',
+        'role': MS_CLAIMS+'role',
+        'surname': ORG_WS_CLAIMS+'surname',
+        'upn': ORG_WS_CLAIMS+'upn',
+        'windowsAccountName': MS_CLAIMS+'windowsaccountname',
     }
 }