IdentityPython / pysaml2

Python implementation of SAML2
Apache License 2.0

Allow marking `ContactPerson` as `remd:contactType="http://refeds.org/metadata/contactType/security"` #956

Closed max-moser closed 3 months ago

max-moser commented 3 months ago

AFAIK, marking contact persons as "security" requires using an attribute from a REFEDS extension. Examples of such `<ContactPerson>` elements can be found in `tests/remote_data/InCommon-metadata-export.xml`:

```xml
<ContactPerson xmlns:remd="http://refeds.org/metadata" contactType="other" remd:contactType="http://refeds.org/metadata/contactType/security">
  <GivenName>Shibboleth Contact</GivenName>
  <EmailAddress>contact@shibboleth.net</EmailAddress>
</ContactPerson>
```

As far as I could see in the code, only the "base" contactType is taken into account when exporting metadata right now.

It would be cool if there were a possibility to create the REFEDS extension attribute on export as well.

vladimir-mencl-eresearch commented 3 months ago

Hi @max-moser,

I have this working with SATOSA - using only functionality available in pysaml2 for exporting the metadata.

See the examples contributed in https://github.com/IdentityPython/SATOSA/pull/430.

The key bit is that pysaml2 supports `extension_attributes` for `ContactPerson` - and you can pass the `remd:ContactType` (alongside the XML namespace declaration) this way.

Hope this helps.

Cheers, Vlad
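A way to check that exported metadata actually carries the REFEDS security contact discussed above, as an added example that is not part of the thread and not pysaml2 code. The function names and the sample metadata are assumptions made for illustration; it uses only the standard library and is meant for metadata you generated yourself.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# The attribute is matched by namespace URI, so any prefix (remd: or other) works.
REMD_CONTACT_TYPE = "{http://refeds.org/metadata}contactType"
SECURITY = "http://refeds.org/metadata/contactType/security"

# Constructed sample metadata (not taken from any real federation).
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="https://sp1.example.org/metadata">
    <md:ContactPerson xmlns:remd="http://refeds.org/metadata" contactType="other"
        remd:contactType="http://refeds.org/metadata/contactType/security">
      <md:GivenName>Security Team</md:GivenName>
      <md:EmailAddress>mailto:security@sp1.example.org</md:EmailAddress>
    </md:ContactPerson>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp2.example.org/metadata">
    <md:ContactPerson contactType="technical">
      <md:GivenName>Ops</md:GivenName>
      <md:EmailAddress>mailto:ops@sp2.example.org</md:EmailAddress>
    </md:ContactPerson>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def security_contacts(metadata_xml):
    """Return every ContactPerson marked with the REFEDS security contact type."""
    root = ET.fromstring(metadata_xml)
    found = []
    # iter() includes the root, so a lone EntityDescriptor document works too.
    for entity in root.iter(MD + "EntityDescriptor"):
        for cp in entity.iter(MD + "ContactPerson"):
            if cp.get(REMD_CONTACT_TYPE) != SECURITY:
                continue
            found.append({
                "entity_id": entity.get("entityID"),
                "base_type": cp.get("contactType"),  # plain, un-namespaced attribute
                "given_name": cp.findtext(MD + "GivenName"),
                "emails": [e.text.strip() for e in cp.iter(MD + "EmailAddress") if e.text],
            })
    return found


def entities_without_security_contact(metadata_xml):
    """List entityIDs whose metadata has no security ContactPerson."""
    covered = {c["entity_id"] for c in security_contacts(metadata_xml)}
    root = ET.fromstring(metadata_xml)
    return [e.get("entityID") for e in root.iter(MD + "EntityDescriptor")
            if e.get("entityID") not in covered]
```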

max-moser commented 3 months ago

Hey @vladimir-mencl-eresearch,

Thanks a ton, this is exactly what I needed, works like a charm!

Cheers, Max