Hello!
Please feel free to close this as invalid if I'm misunderstanding how things are supposed to work...
I'm requesting a number of attributes from the IdP - the requestAttributes-section of the SP-configuration is set up with the urn:-names and friendlyNames as follows:
'requestedAttributes': [{
"name": "urn:mace:dir:attribute-def:displayName",
"isRequired": True,
"nameFormat": "urn:mace:shibboleth:1.0:attributeNamespace:uri",
"friendlyName": "displayName",
"attributeValue": []
}, {
"name": "urn:oid:2.16.840.1.113730.3.1.241",
"isRequired": True,
"nameFormat": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"friendlyName": "displayName",
"attributeValue": []
}],This yields - as expected - a response something like this:
<saml2:AttributeStatement>
<saml2:Attribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml2:AttributeValue xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">foo@bar.tld</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>I was a little bit surprised that calling auth.get_attributes() would return the attributes with the urn:-name/notation even though a friendlyName was setup in the SP-config and even returned by the IdP.
I was wondering if this is the expected result or if I might have some other misconfiguration going on.
It is easy enough to iterate through the returned attributes and compare them to the SP-config and pull the friendlyNames... But I think that instead of doing this after the fact, it might be easier/quicker to just pull the friendlyName in /onelogin/saml2/response.py:get_attributes().
I'd be open to create a PR to implement this. However I would need some guide as to how this should exactly be handled: Using the friendlyName instead of the name in get_attributes() might break existing implementations - so I'm thinking of perhaps just having both present in the resulting dict?
Hello!
Please feel free to close this as invalid if I'm misunderstanding how things are supposed to work...
I'm requesting a number of attributes from the IdP - the
requestAttributes-section of the SP-configuration is set up with theurn:-names andfriendlyNames as follows:This yields - as expected - a response something like this:
I was a little bit surprised that calling
auth.get_attributes()would return the attributes with theurn:-name/notation even though afriendlyNamewas setup in the SP-config and even returned by the IdP.I was wondering if this is the expected result or if I might have some other misconfiguration going on.
It is easy enough to iterate through the returned attributes and compare them to the SP-config and pull the
friendlyNames... But I think that instead of doing this after the fact, it might be easier/quicker to just pull thefriendlyNamein/onelogin/saml2/response.py:get_attributes().I'd be open to create a PR to implement this. However I would need some guide as to how this should exactly be handled: Using the
friendlyNameinstead of thenameinget_attributes()might break existing implementations - so I'm thinking of perhaps just having both present in the resulting dict?