Diffstat (limited to 'src')
-rw-r--r--src/saml2/__init__.py26
-rw-r--r--src/saml2/client.py6
-rw-r--r--src/saml2/client_base.py43
-rw-r--r--src/saml2/entity.py5
4 files changed, 55 insertions, 25 deletions
diff --git a/src/saml2/__init__.py b/src/saml2/__init__.py
index 7a73aba2..db055476 100644
--- a/src/saml2/__init__.py
+++ b/src/saml2/__init__.py
@@ -541,6 +541,23 @@ class SamlBase(ExtensionContainer):
self._add_members_to_element_tree(new_tree)
return new_tree
+ def register_prefix(self, nspair):
+ """
+ Register with ElementTree a set of namespaces
+
+ :param nspair: A dictionary of prefixes and uris to use when
+ constructing the text representation.
+ :return:
+ """
+ for prefix, uri in nspair.items():
+ try:
+ ElementTree.register_namespace(prefix, uri)
+ except AttributeError:
+ # Backwards compatibility with ET < 1.3
+ ElementTree._namespace_map[uri] = prefix
+ except ValueError:
+ pass
+
def to_string(self, nspair=None):
"""Converts the Saml object to a string containing XML.
@@ -552,14 +569,7 @@ class SamlBase(ExtensionContainer):
nspair = self.c_ns_prefix
if nspair:
- for prefix, uri in nspair.items():
- try:
- ElementTree.register_namespace(prefix, uri)
- except AttributeError:
- # Backwards compatibility with ET < 1.3
- ElementTree._namespace_map[uri] = prefix
- except ValueError:
- pass
+ self.register_prefix(nspair)
return ElementTree.tostring(self._to_element_tree(), encoding="UTF-8")
diff --git a/src/saml2/client.py b/src/saml2/client.py
index ca83bf9a..d64bd806 100644
--- a/src/saml2/client.py
+++ b/src/saml2/client.py
@@ -342,7 +342,7 @@ class Saml2Client(Base):
attribute=None, sp_name_qualifier=None,
name_qualifier=None, nameid_format=None,
real_id=None, consent=None, extensions=None,
- sign=False, binding=BINDING_SOAP):
+ sign=False, binding=BINDING_SOAP, nsprefix=None):
""" Does a attribute request to an attribute authority, this is
by default done over SOAP.
@@ -359,6 +359,8 @@ class Saml2Client(Base):
:param real_id: The identifier which is the key to this entity in the
identity database
:param binding: Which binding to use
+ :param nsprefix: Namespace prefixes preferred before those automatically
+ produced.
:return: The attributes returned if BINDING_SOAP was used.
HTTP args if BINDING_HTT_POST was used.
"""
@@ -393,7 +395,7 @@ class Saml2Client(Base):
mid = sid()
query = self.create_attribute_query(destination, subject_id,
attribute, mid, consent,
- extensions, sign)
+ extensions, sign, nsprefix)
self.state[query.id] = {"entity_id": entityid,
"operation": "AttributeQuery",
"subject_id": subject_id,
diff --git a/src/saml2/client_base.py b/src/saml2/client_base.py
index 6fc1effc..a0e5e109 100644
--- a/src/saml2/client_base.py
+++ b/src/saml2/client_base.py
@@ -306,6 +306,11 @@ class Base(Entity):
pass
args["name_id_policy"] = name_id_policy
+ try:
+ nsprefix = kwargs["nsprefix"]
+ except KeyError:
+ nsprefix = None
+
if kwargs:
_args, extensions = self._filter_args(AuthnRequest(), extensions,
**kwargs)
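Review bot: `nsprefix` is read from `kwargs` but left in it, so the `if kwargs:` branch directly below still passes it to `_filter_args(AuthnRequest(), extensions, **kwargs)` as if it were a request attribute or extension; how `_filter_args` treats an unknown key is not visible here. `nsprefix = kwargs.pop("nsprefix", None)` would replace the four-line try/except and keep the serialization option out of the request arguments. The enclosing method starts and ends outside this hunk.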
@@ -328,11 +333,11 @@ class Base(Entity):
return self._message(AuthnRequest, destination, message_id,
consent, extensions, sign, sign_prepare,
protocol_binding=binding,
- scoping=scoping, **args)
+ scoping=scoping, nsprefix=nsprefix, **args)
return self._message(AuthnRequest, destination, message_id, consent,
extensions, sign, sign_prepare,
protocol_binding=binding,
- scoping=scoping, **args)
+ scoping=scoping, nsprefix=nsprefix, **args)
def create_attribute_query(self, destination, name_id=None,
attribute=None, message_id=0, consent=None,
@@ -386,9 +391,14 @@ class Base(Entity):
if attribute:
attribute = do_attributes(attribute)
+ try:
+ nsprefix = kwargs["nsprefix"]
+ except KeyError:
+ nsprefix = None
+
return self._message(AttributeQuery, destination, message_id, consent,
extensions, sign, sign_prepare, subject=subject,
- attribute=attribute)
+ attribute=attribute, nsprefix=nsprefix)
# MUST use SOAP for
# AssertionIDRequest, SubjectQuery,
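Review bot: `create_attribute_query` only picks up `nsprefix` from `kwargs`, but the caller changed in client.py passes it positionally as the eighth argument (`extensions, sign, nsprefix)`). This body forwards a `sign_prepare` value to `_message`; if `sign_prepare` is the positional parameter after `sign` (the full signature is outside the visible hunks), the prefix dict binds to it instead, so the prefixes are never registered and a non-empty dict is treated as a truthy `sign_prepare` on a request the caller asked to have signed. Passing it by keyword at the call site avoids this: `extensions, sign, nsprefix=nsprefix)`. Here, `nsprefix = kwargs.get("nsprefix")` would say the same as the try/except in one line.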
@@ -422,7 +432,7 @@ class Base(Entity):
subject=None, message_id=0,
consent=None,
extensions=None,
- sign=False):
+ sign=False, nsprefix=None):
""" Makes an authz decision query based on a previously received
Assertion.
@@ -449,7 +459,7 @@ class Base(Entity):
return self.create_authz_decision_query(
destination, _action, saml.Evidence(assertion=assertion),
resource, subject, message_id=message_id, consent=consent,
- extensions=extensions, sign=sign)
+ extensions=extensions, sign=sign, nsprefix=nsprefix)
@staticmethod
def create_assertion_id_request(assertion_id_refs, **kwargs):
@@ -466,7 +476,7 @@ class Base(Entity):
def create_authn_query(self, subject, destination=None, authn_context=None,
session_index="", message_id=0, consent=None,
- extensions=None, sign=False):
+ extensions=None, sign=False, nsprefix=None):
"""
:param subject: The subject its all about as a <Subject> instance
@@ -479,15 +489,18 @@ class Base(Entity):
:param sign: Whether the request should be signed or not.
:return:
"""
- return self._message(AuthnQuery, destination, message_id, consent, extensions,
- sign, subject=subject, session_index=session_index,
- requested_authn_context=authn_context)
+ return self._message(AuthnQuery, destination, message_id, consent,
+ extensions, sign, subject=subject,
+ session_index=session_index,
+ requested_authn_context=authn_context,
+ nsprefix=nsprefix)
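Review bot: The docstring of `create_authn_query` still ends at `:param sign:` and does not mention the new `nsprefix` argument. Adding `:param nsprefix: Namespace prefixes preferred before those automatically produced.`, the wording this commit already uses in client.py, would keep the parameter list complete. The other signatures that gain `nsprefix` in this file (`create_name_id_mapping_request` and the authz decision query helper) probably need the same line; their docstrings are only partly visible here.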
def create_name_id_mapping_request(self, name_id_policy,
name_id=None, base_id=None,
encrypted_id=None, destination=None,
- message_id=0, consent=None, extensions=None,
- sign=False):
+ message_id=0, consent=None,
+ extensions=None, sign=False,
+ nsprefix=None):
"""
:param name_id_policy:
@@ -508,16 +521,18 @@ class Base(Entity):
if name_id:
return self._message(NameIDMappingRequest, destination, message_id,
consent, extensions, sign,
- name_id_policy=name_id_policy, name_id=name_id)
+ name_id_policy=name_id_policy, name_id=name_id,
+ nsprefix=nsprefix)
elif base_id:
return self._message(NameIDMappingRequest, destination, message_id,
consent, extensions, sign,
- name_id_policy=name_id_policy, base_id=base_id)
+ name_id_policy=name_id_policy, base_id=base_id,
+ nsprefix=nsprefix)
else:
return self._message(NameIDMappingRequest, destination, message_id,
consent, extensions, sign,
name_id_policy=name_id_policy,
- encrypted_id=encrypted_id)
+ encrypted_id=encrypted_id, nsprefix=nsprefix)
# ======== response handling ===========
diff --git a/src/saml2/entity.py b/src/saml2/entity.py
index 9781310c..8779b192 100644
--- a/src/saml2/entity.py
+++ b/src/saml2/entity.py
@@ -421,7 +421,7 @@ class Entity(HTTPBase):
def _message(self, request_cls, destination=None, message_id=0,
consent=None, extensions=None, sign=False, sign_prepare=False,
- **kwargs):
+ nsprefix=None, **kwargs):
"""
Some parameters appear in all requests so simplify by doing
it in one place
@@ -456,6 +456,9 @@ class Entity(HTTPBase):
if extensions:
req.extensions = extensions
+ if nsprefix:
+ req.register_prefix(nsprefix)
+
if sign:
return reqid, self.sign(req, sign_prepare=sign_prepare)
else:
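Review bot: `req.register_prefix(nsprefix)` takes a per-request argument and writes it into ElementTree's module-level prefix table just before the message is signed, so the mapping stays in effect for every later serialization in the process. `ElementTree.register_namespace` also drops any existing entry that uses the same prefix or URI, so in a multi-threaded SP or IdP two requests with different `nsprefix` values can change each other's serialized output; that matters if the signature is computed over that text. At minimum the docstring of `register_prefix` in `__init__.py` should state this, e.g. `Note: the registration is process-wide and persists after this call.` Its `except ValueError: pass` branch also hides a rejected prefix (ElementTree reserves the `ns<digits>` form), so a caller cannot tell that the requested prefix was not applied. The body of `_message` continues outside this hunk.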