Merge pull request #117 from lyft/fix-saml

Added want_attribute_statement parameter for saml
lyft · Feb 9, 2017 · 95065eb · 95065eb
2 parents cb1b26f + 3148710
commit 95065eb
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/confidant/authnz/userauth.py b/confidant/authnz/userauth.py
@@ -499,6 +499,8 @@ def _render_saml_settings_dict(self):
             'wantAssertionsSigned':
                 app.config['SAML_SECURITY_ASSERTIONS_SIGNED'],
             'wantNameIdEncrypted': False,
+            'wantAttributeStatement':
+                app.config['SAML_WANT_ATTRIBUTE_STATEMENT'],
             "signatureAlgorithm": app.config['SAML_SECURITY_SIG_ALGO'],
         }
 

diff --git a/confidant/settings.py b/confidant/settings.py
@@ -210,6 +210,8 @@ def _bootstrap(secrets):
 # Whether to require signatures on individual SAML response assertion fields
 SAML_SECURITY_ASSERTIONS_SIGNED = bool_env('SAML_SECURITY_ASSERTIONS_SIGNED',
                                            False)
+# Whether you want an attribute statement from the SAML assertion
+SAML_WANT_ATTRIBUTE_STATEMENT = bool_env('SAML_WANT_ATTRIBUTE_STATEMENT', True)
 
 # Catchall to provide JSON directly to override SAML settings. Will be provided
 # to OneLogin_Saml2_Auth() for initialization, merging into values set by the