- attrstat = login.assertion.attributeStatement[0]
- if not attrstat.attribute:
- attrstat.attribute = ()
-
- # Check attribute policy and perform mapping and filtering
- policy = Policy(self.cfg.default_attribute_mapping,
- self.cfg.default_allowed_attributes)
+ attribute_mappings = self.cfg.default_attribute_mapping
+ if (provider.allowed_attributes is not None and
+ len(provider.allowed_attributes) > 0):
+ allowed_attributes = provider.allowed_attributes
+ else:
+ allowed_attributes = self.cfg.default_allowed_attributes
+ self.debug("Allowed attrs: %s" % allowed_attributes)
+ self.debug("Mapping: %s" % attribute_mappings)
+ policy = Policy(attribute_mappings, allowed_attributes)