Merge branch 'master' of https://github.com/rohe/pysaml2

2013-06-10 15:31:09 +02:00
parent 7553a61b52 5ae327b1f5
commit 4363b0f23a
6 changed files with 25 additions and 6 deletions
--- a/src/saml2/assertion.py
+++ b/src/saml2/assertion.py
@@ -524,7 +524,6 @@ class Policy(object):
                                            text=sp_entity_id))])


-
 class EntityCategories(object):
    pass

--- a/src/saml2/config.py
+++ b/src/saml2/config.py
@@ -191,6 +191,7 @@ class Config(object):
        self.name_qualifier = ""
        self.entity_category = ""
        self.crypto_backend = 'xmlsec1'
+        self.scope = ""

    def setattr(self, context, attr, val):
        if context == "":
--- a/src/saml2/entity_category/swamid.py
+++ b/src/saml2/entity_category/swamid.py
@@ -3,7 +3,8 @@ __author__ = 'rolandh'

 NAME = ["givenName", "initials", "displayName", "sn"]
 STATIC_ORG_INFO = ["c", "o", "ou"]
-OTHER = ["eduPersonPrincipalName", "eduPersonScopedAffiliation", "email"]
+OTHER = ["eduPersonPrincipalName", "eduPersonScopedAffiliation", "email",
+         "mail"]

 # These give you access to information
 RESEARCH_AND_EDUCATION = "http://www.swamid.se/category/research-and-education"
--- a/src/saml2/response.py
+++ b/src/saml2/response.py
@@ -654,9 +654,19 @@ class AuthnResponse(StatusResponse):
        subject.subject_confirmation = subjconf
        
        # The subject must contain a name_id
-        assert subject.name_id
-        # Make certain the name id format
-        self.name_id = subject.name_id
+        try:
+            assert subject.name_id
+            self.name_id = subject.name_id
+        except AssertionError:
+            if subject.encrypted_id:
+                # decrypt encrypted ID
+                _name_id_str = self.sec.decrypt(
+                    subject.encrypted_id.encrypted_data.to_string())
+                _name_id = saml.name_id_from_string(_name_id_str)
+                self.name_id = _name_id
+            else:
+                raise VerificationError("Missing NameID")
+
        return self.name_id
    
    def _assertion(self, assertion):
@@ -759,7 +769,10 @@ class AuthnResponse(StatusResponse):
        for astat in self.assertion.authn_statement:
            context = astat.authn_context
            if context:
-                aclass = context.authn_context_class_ref.text
+                try:
+                    aclass = context.authn_context_class_ref.text
+                except AttributeError:
+                    aclass = ""
                try:
                    authn_auth = [a.text for a in
                                  context.authenticating_authority]
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -56,6 +56,10 @@ SIG = "{%s#}%s" % (ds.NAMESPACE, "Signature")
 RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"


+class CertificateTooOld(Exception):
+    pass
+
+
 def signed(item):
    if SIG in item.c_children.keys() and item.signature:
        return True
--- a/tests/idp_all_conf.py
+++ b/tests/idp_all_conf.py
@@ -80,6 +80,7 @@ CONFIG = {
                }
            },
            #"subject_data": ("mongodb", "foo"),
+            "scope": ["example.com"]
        },
    },
    "debug": 1,