From: Simo Sorce <simo@redhat.com>
Date: Tue, 17 Mar 2015 17:22:06 +0000 (-0400)
Subject: Properly handle groups info in SAML provider
X-Git-Tag: v0.5.0~18
X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=commitdiff_plain;h=acd6db64e46c8fa5b93c07dc5ff5c5172ddfa4f6

Properly handle groups info in SAML provider

Also removes internal attributes (any attribute that starts with _

Fixes: https://fedorahosted.org/ipsilon/ticket/71

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>
---

diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 95751aa..ddebd8c 100644
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -217,9 +217,15 @@ class AuthenticateRequest(ProviderPageBase):
         mappedattrs, _ = policy.map_attributes(userattrs)
         attributes = policy.filter_attributes(mappedattrs)
 
+        if '_groups' in attributes and 'groups' not in attributes:
+            attributes['groups'] = attributes['_groups']
+
         self.debug("%s's attributes: %s" % (user.name, attributes))
 
         for key in attributes:
+            # skip internal info
+            if key[0] == '_':
+                continue
             values = attributes[key]
             if isinstance(values, dict):
                 continue