Allow adding an AuthnStatement instance to the Assertion construct and Server authn_response methods.

2014-12-01 21:58:22 +01:00
parent 7bb9d0a693
commit 46011818be
2 changed files with 15 additions and 5 deletions
--- a/src/saml2/assertion.py
+++ b/src/saml2/assertion.py
@@ -666,7 +666,7 @@ class Assertion(dict):
                  name_id, attrconvs, policy, issuer, authn_class=None,
                  authn_auth=None, authn_decl=None, encrypt=None,
                  sec_context=None, authn_decl_ref=None, authn_instant="",
-                  subject_locality=""):
+                  subject_locality="", authn_statem=None):
        """ Construct the Assertion

        :param sp_entity_id: The entityid of the SP
@@ -687,6 +687,7 @@ class Assertion(dict):
        :param subject_locality: Specifies the DNS domain name and IP address
            for the system from which the assertion subject was apparently
            authenticated.
+        :param authn_statem: A AuthnStatement instance
        :return: An Assertion instance
        """

@@ -711,7 +712,9 @@ class Assertion(dict):
        # start using now and for some time
        conds = policy.conditions(sp_entity_id)

-        if authn_auth or authn_class or authn_decl or authn_decl_ref:
+        if authn_statem:
+            _authn_statement = authn_statem
+        elif authn_auth or authn_class or authn_decl or authn_decl_ref:
            _authn_statement = authn_statement(authn_class, authn_auth,
                                               authn_decl, authn_decl_ref,
                                               authn_instant,
@@ -719,7 +722,6 @@ class Assertion(dict):
        else:
            _authn_statement = None

-
        _ass = assertion_factory(
            issuer=issuer,
            conditions=conds,
--- a/src/saml2/server.py
+++ b/src/saml2/server.py
@@ -282,7 +282,8 @@ class Server(Entity):
                        sp_entity_id, identity=None, name_id=None,
                        status=None, authn=None, issuer=None, policy=None,
                        sign_assertion=False, sign_response=False,
-                        best_effort=False, encrypt_assertion=False, encrypt_cert=None):
+                        best_effort=False, encrypt_assertion=False,
+                        encrypt_cert=None, authn_statement=None):
        """ Create a response. A layer of indirection.

        :param in_response_to: The session identifier of the request
@@ -328,6 +329,12 @@ class Server(Entity):
                                      self.config.attribute_converters,
                                      policy, issuer=_issuer,
                                      **authn_args)
+        elif authn_statement:  # Got a complete AuthnStatement
+            assertion = ast.construct(sp_entity_id, in_response_to,
+                                      consumer_url, name_id,
+                                      self.config.attribute_converters,
+                                      policy, issuer=_issuer,
+                                      authn_statem=authn_statement)
        else:
            assertion = ast.construct(sp_entity_id, in_response_to,
                                      consumer_url, name_id,
@@ -427,7 +434,8 @@ class Server(Entity):
    def create_authn_response(self, identity, in_response_to, destination,
                              sp_entity_id, name_id_policy=None, userid=None,
                              name_id=None, authn=None, issuer=None,
-                              sign_response=None, sign_assertion=None, encrypt_cert=None, encrypt_assertion=None,
+                              sign_response=None, sign_assertion=None,
+                              encrypt_cert=None, encrypt_assertion=None,
                              **kwargs):
        """ Constructs an AuthenticationResponse