pysaml2 icon indicating copy to clipboard operation
pysaml2 copied to clipboard
verified publisher icon IdentityPython

Customize AttributeStatement

Open fmarco opened this issue 7 years ago • 2 comments

Is it possible to configure a response (via create_authn_response on Server class) containing an Attributestatement containing Attribute elements with no familyName attribute at all and having AttributeType elements with xsi:type attributes containing custom type? (e.g. xs:date)

Code Version

4.5.0

Expected Behavior

            <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="SomeAttribute">
                <saml:AttributeValue xsi:type="xs:date">1900-01-01</saml:AttributeValue>
            </saml:Attribute>

Current Behavior

            <saml:Attribute FriendlyName="SomeAttribute" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="SomeAttribute">
                <saml:AttributeValue xsi:type="xs:string">1900-01-01</saml:AttributeValue>
            </saml:Attribute>

Possible Solution

To handle custom xsi:type maybe we could extend AttributeValueBase (?), while i've no idea about how to bypass FriendlyName (except for some monkeypatching...).

Steps to Reproduce

Configure an idp server.

fmarco avatar Jul 26 '18 11:07 fmarco

@peppelinux @fmarco can someone share the code sample and relevant config that even creates saml:AttributeStatements and saml:Attribute ?? I'm unable to have my create_authn_response wrapper method set this up. ?? the example/idp code does not do this or make it clear, thanks!

bjm88 avatar Nov 27 '21 23:11 bjm88

Ciao,

As spid SP i fixed the xsd:date with my fork and with the RP you find in the open PRs

As idp I use uniauth https://github.com/UniversitaDellaCalabria/uniAuth

peppelinux avatar Nov 29 '21 21:11 peppelinux