1818from saml2 import element_to_extension_element
1919from saml2 import class_name
2020from saml2 import BINDING_HTTP_REDIRECT
21+ from saml2 .argtree import add_path
2122
2223from saml2 .entity import Entity
2324from saml2 .eptid import Eptid
@@ -290,7 +291,7 @@ def parse_name_id_mapping_request(self, xml_string, binding):
290291
291292 def setup_assertion (self , authn , sp_entity_id , in_response_to , consumer_url ,
292293 name_id , policy , _issuer , authn_statement , identity ,
293- best_effort , sign_response , farg , ** kwargs ):
294+ best_effort , sign_response , farg = None , ** kwargs ):
294295 """
295296 Construct and return the Assertion
296297
@@ -322,14 +323,17 @@ def setup_assertion(self, authn, sp_entity_id, in_response_to, consumer_url,
322323 return self .create_error_response (in_response_to , consumer_url ,
323324 exc , sign_response )
324325
325- try :
326- subject_confirmation_specs = kwargs ['subject_confirmation' ]
327- except KeyError :
328- subject_confirmation_data = {
329- 'recipient' : consumer_url ,
330- 'in_response_to' : in_response_to ,
331- 'method' : saml .SCM_BEARER
332- }
326+ if not farg :
327+ farg = add_path (
328+ {},
329+ ['assertion' , 'subject' , 'subject_confirmation' , 'method' ,
330+ saml .SCM_BEARER ])
331+ add_path (
332+ farg ['assertion' ]['subject' ]['subject_confirmation' ],
333+ ['subject_confirmation_data' , 'in_response_to' , in_response_to ])
334+ add_path (
335+ farg ['assertion' ]['subject' ]['subject_confirmation' ],
336+ ['subject_confirmation_data' , 'recipient' , consumer_url ])
333337
334338 if authn : # expected to be a dictionary
335339 # Would like to use dict comprehension but ...
@@ -427,29 +431,23 @@ def _authn_response(self, in_response_to, consumer_url,
427431 if pefim :
428432 encrypted_advice_attributes = True
429433 encrypt_assertion_self_contained = True
430- assertion_attributes = self .setup_assertion (None , sp_entity_id ,
431- None , None , None ,
432- policy ,
433- None , None , identity ,
434- best_effort ,
435- sign_response , False ,
436- ** assertion_args )
437- assertion = self .setup_assertion (authn , sp_entity_id ,
438- ass_in_response_to , consumer_url ,
439- name_id , policy , _issuer ,
440- authn_statement , [], True ,
441- sign_response , ** assertion_args )
434+ assertion_attributes = self .setup_assertion (
435+ None , sp_entity_id , None , None , None , policy , None , None ,
436+ identity , best_effort , sign_response , farg = assertion_args )
437+ assertion = self .setup_assertion (
438+ authn , sp_entity_id , ass_in_response_to , consumer_url , name_id ,
439+ policy , _issuer , authn_statement , [], True , sign_response ,
440+ farg = assertion_args )
442441 assertion .advice = saml .Advice ()
443442
444443 # assertion.advice.assertion_id_ref.append(saml.AssertionIDRef())
445444 # assertion.advice.assertion_uri_ref.append(saml.AssertionURIRef())
446445 assertion .advice .assertion .append (assertion_attributes )
447446 else :
448- assertion = self .setup_assertion (authn , sp_entity_id ,
449- ass_in_response_to , consumer_url ,
450- name_id , policy , _issuer ,
451- authn_statement , identity , True ,
452- sign_response , ** assertion_args )
447+ assertion = self .setup_assertion (
448+ authn , sp_entity_id , ass_in_response_to , consumer_url , name_id ,
449+ policy , _issuer , authn_statement , identity , True ,
450+ sign_response , farg = assertion_args )
453451
454452 to_sign = []
455453 if not encrypt_assertion :
@@ -484,7 +482,7 @@ def create_attribute_response(self, identity, in_response_to, destination,
484482 status = None , issuer = None ,
485483 sign_assertion = False , sign_response = False ,
486484 attributes = None , sign_alg = None ,
487- digest_alg = None , ** kwargs ):
485+ digest_alg = None , farg = None , ** kwargs ):
488486 """ Create an attribute assertion response.
489487
490488 :param identity: A dictionary with attributes and values that are
@@ -516,6 +514,19 @@ def create_attribute_response(self, identity, in_response_to, destination,
516514 to_sign = []
517515
518516 if identity :
517+ if not farg :
518+ farg = add_path (
519+ {},
520+ ['assertion' , 'subject' , 'subject_confirmation' , 'method' ,
521+ saml .SCM_BEARER ])
522+ add_path (
523+ farg ['assertion' ]['subject' ]['subject_confirmation' ],
524+ ['subject_confirmation_data' , 'in_response_to' ,
525+ in_response_to ])
526+ add_path (
527+ farg ['assertion' ]['subject' ]['subject_confirmation' ],
528+ ['subject_confirmation_data' , 'recipient' , destination ])
529+
519530 _issuer = self ._issuer (issuer )
520531 ast = Assertion (identity )
521532 if policy :
@@ -527,19 +538,10 @@ def create_attribute_response(self, identity, in_response_to, destination,
527538 restr = restriction_from_attribute_spec (attributes )
528539 ast = filter_attribute_value_assertions (ast )
529540
530- try :
531- subject_confirmation_specs = kwargs ['subject_confirmation_specs' ]
532- except KeyError :
533- subject_confirmation_specs = {
534- 'recipient' : destination ,
535- 'in_response_to' : in_response_to ,
536- 'subject_confirmation_method' : saml .SCM_BEARER
537- }
538-
539541 assertion = ast .construct (
540542 sp_entity_id , self .config .attribute_converters , policy ,
541543 issuer = _issuer , name_id = name_id ,
542- subject_confirmation_specs = subject_confirmation_specs )
544+ farg = farg [ 'assertion' ] )
543545
544546 if sign_assertion :
545547 assertion .signature = pre_signature_part (assertion .id ,
@@ -712,8 +714,7 @@ def create_authn_response(self, identity, in_response_to, destination,
712714 encrypt_cert_advice = encrypt_cert_advice ,
713715 encrypt_cert_assertion = encrypt_cert_assertion ,
714716 encrypt_assertion = encrypt_assertion ,
715- encrypt_assertion_self_contained
716- = encrypt_assertion_self_contained ,
717+ encrypt_assertion_self_contained = encrypt_assertion_self_contained ,
717718 encrypted_advice_attributes = encrypted_advice_attributes ,
718719 pefim = pefim , ** kwargs )
719720 except IOError as exc :
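Review bot: In the `setup_assertion` hunk the bearer defaults (`method`, `recipient`, `in_response_to`) are built only under `if not farg:`, and the `create_attribute_response` hunk repeats the same all-or-nothing test. Every call in `_authn_response` now passes `farg=assertion_args`, so a non-empty `assertion_args` without an `assertion`/`subject`/`subject_confirmation` subtree would appear to produce an assertion with no Recipient or InResponseTo binding, the values a relying party checks before accepting a bearer assertion. How `assertion_args` is built and how `construct` consumes `farg` lie outside these hunks, so this needs confirming. I would fill in the three defaults whenever that subtree is missing, not only when `farg` is empty, and document in the `setup_assertion` docstring that a caller-supplied `farg` must carry its own subject confirmation. Separately, `farg['assertion']` in `create_attribute_response` raises `KeyError` for a caller-supplied `farg` without that key, and the old `subject_confirmation_specs` keyword is now dropped silently via `**kwargs`.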