Closed ToufiPF closed 11 months ago
The missing step was to add an attribute map:

`attributemaps/custom.py`:

```python
MAP = {
    "identifier": "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified",
    "fro": {
        "FullName": "FullName",
        "Email": "Email",
        "Login": "Login",
        "Roles": "Roles",
    },
}
```

And of course to add `"attribute_map_dir": "../attributemaps",` to the `CONFIG` in idp_conf and sp_conf.
This has the side effect of adding a FriendlyName tag to the xml elements, though, which I simply ignore.
It seems that the attributes specified in `idp_user` always have NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri", even if the IDP has `'name_form': "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"` in its configuration.
Code Version
pysaml2 7.4.2 ; and for the examples I cloned the master branch yesterday.
Expected Behavior
The custom attributes returned in the assertion have NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified".
Current Behavior
The custom attributes returned in the assertion have NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri".
Possible Solution
No idea, tbh. I tried to debug it a bit by myself. It seems to me that the correct config is loaded, and `IDP.config._idp_policy.get_name_form("http:localhost:8087")` does return the expected name format.
Steps to Reproduce
`idp2` and `sp-wsgi`
`idp_conf`, resp. `sp_conf`. and `idp_user` to contain custom attributes, e.g.,
`./all.sh`)

```xml
<ns0:Attribute xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Name="login" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"><ns0:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema">roland4871</ns0:AttributeValue></ns0:Attribute>
```

which has an incorrect NameFormat.

Did I do something wrong or is this really a bug?
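A check for the behaviour discussed in this thread, as an added example that is not part of the original posts or of pysaml2: it parses an assertion fragment with the standard library and lists every attribute whose effective NameFormat differs from the expected one, plus the attributes that carry a FriendlyName. The sample XML is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Constructed sample (not real IdP output): "login" has the shape reported in
# the issue, "Email" is what the attribute map should yield, "Roles" omits NameFormat.
SAMPLE = f"""<ns0:AttributeStatement xmlns:ns0="{SAML_NS}">
  <ns0:Attribute Name="login" NameFormat="{URI}">
    <ns0:AttributeValue>roland4871</ns0:AttributeValue>
  </ns0:Attribute>
  <ns0:Attribute Name="Email" FriendlyName="Email" NameFormat="{UNSPECIFIED}">
    <ns0:AttributeValue>user@example.org</ns0:AttributeValue>
  </ns0:Attribute>
  <ns0:Attribute Name="Roles">
    <ns0:AttributeValue>admin</ns0:AttributeValue>
  </ns0:Attribute>
</ns0:AttributeStatement>"""


def name_format_mismatches(xml_text, expected=UNSPECIFIED):
    """Return (Name, effective NameFormat) for each Attribute not in `expected`."""
    # Intended for output of your own test IdP; parse untrusted XML with defusedxml.
    root = ET.fromstring(xml_text)
    mismatches = []
    # iter() also yields the root, so a bare <Attribute> fragment works too.
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        # SAML 2.0 core: an omitted NameFormat means "unspecified".
        effective = attr.get("NameFormat", UNSPECIFIED)
        if effective != expected:
            mismatches.append((attr.get("Name"), effective))
    return mismatches


def friendly_names(xml_text):
    """Map Name -> FriendlyName for attributes that carry a FriendlyName."""
    root = ET.fromstring(xml_text)
    return {a.get("Name"): a.get("FriendlyName")
            for a in root.iter(f"{{{SAML_NS}}}Attribute")
            if a.get("FriendlyName") is not None}


if __name__ == "__main__":
    for name, fmt in name_format_mismatches(SAMPLE):
        print(f"{name}: NameFormat is {fmt}")
    print("FriendlyName present on:", friendly_names(SAMPLE))
```
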