Closed: pwna5aurus closed this 11 months ago
@c00kiemon5ter, can you shed any light on this?
By looking at this, I can only guess that the attributes are filtered out because of their name format and name not matching a predefined attribute map.
Please, try with attributes that are recognized.
We should probably add a debug log line after the filtering to visualise its result.
Actually, the problem was ultimately this line in Construct(): https://github.com/IdentityPython/pysaml2/blob/master/src/saml2/assertion.py#L834
_ass.attribute_statement = [attr_statement]
Which I changed to
_ass.attribute_statement.append(attr_statement)
in my local copy, and it works just fine. (I believe I made some other changes locally, like hardcoding the attr-format, because I was losing my mind over this 😂)
So I have an IdP built on Flask that handles SAML authn requests. However, the create_authn_response statement does not create any AttributeStatement node in the assertions, even though a well-formed identity dict is provided via the kwargs. I have tried changing the SP metadata to isRequired="true" for the attributes that are, again, mapped in the identity dict, but it still does not result in the inclusion of any AttributeStatement. In my id_conf.py, I specify: "attribute_restrictions": None. Everything else (aside from the AttributeStatement) seems to work.
Here's some of the debug output:
Code Version
Version: 7.4.2
Expected Behavior
The code should emit a signed SAML response with signed assertions, including an AttributeStatement node.
Current Behavior
No AttributeStatement node in the signed SAML response.
Possible Solution
Unknown
Steps to Reproduce
Example:
(Here's a snippet from the SP Metadata for additional context)
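A check one could run on an IdP's output while debugging the behaviour reported in this issue, as an added example (not code from the issue, its SP metadata, or pysaml2): it lists the attributes each plaintext Assertion carries and reports which (Name, NameFormat) pairs the SP expects are absent. The sample responses, function names and expected pairs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
BASIC_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
MAIL_OID = "urn:oid:0.9.2342.19200300.100.1.3"  # mail

# Constructed, unsigned, trimmed sample responses; not output from the reporter's IdP.
_HEAD = ('<samlp:Response xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s">'
         '<saml:Assertion><saml:Issuer>https://idp.example.org</saml:Issuer>' % NS)
_TAIL = "</saml:Assertion></samlp:Response>"
RESPONSE_WITHOUT_ATTRS = _HEAD + _TAIL
RESPONSE_WITH_ATTRS = (
    _HEAD
    + "<saml:AttributeStatement>"
    + '<saml:Attribute Name="%s" NameFormat="%s" FriendlyName="mail">' % (MAIL_OID, URI_FORMAT)
    + "<saml:AttributeValue>user@example.org</saml:AttributeValue>"
    + "</saml:Attribute></saml:AttributeStatement>"
    + _TAIL
)


def released_attributes(response_xml):
    """Return one dict per plaintext Assertion: {(Name, NameFormat): [values]}.

    Meant for responses from your own test IdP. For untrusted XML, parse with
    defusedxml instead. EncryptedAssertion elements are not inspected.
    """
    root = ET.fromstring(response_xml)
    per_assertion = []
    for assertion in root.iterfind("saml:Assertion", NS):
        attrs = {}
        # An assertion may carry several AttributeStatement elements; merge them.
        for stmt in assertion.iterfind("saml:AttributeStatement", NS):
            for attr in stmt.iterfind("saml:Attribute", NS):
                key = (attr.get("Name"), attr.get("NameFormat"))
                values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
                attrs.setdefault(key, []).extend(values)
        per_assertion.append(attrs)
    return per_assertion


def missing_attributes(response_xml, expected):
    """Return the expected (Name, NameFormat) pairs found in no assertion, sorted."""
    seen = set()
    for attrs in released_attributes(response_xml):
        seen.update(attrs)
    return sorted(set(expected) - seen)
```

Matching on the (Name, NameFormat) pair means an attribute released under a different name format than the SP expects is reported as missing.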