From 3148710ffa35637105ab6fca341a3041449b4119 Mon Sep 17 00:00:00 2001
From: Vivian Ho
Date: Thu, 9 Feb 2017 15:06:09 -0800
Subject: [PATCH] added want_attribute_statement parameter for saml
---
 confidant/authnz/userauth.py | 2 ++
 confidant/settings.py | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/confidant/authnz/userauth.py b/confidant/authnz/userauth.py
index 648508c0..76972512 100644
--- a/confidant/authnz/userauth.py
+++ b/confidant/authnz/userauth.py
@@ -499,6 +499,8 @@ def _render_saml_settings_dict(self):
 'wantAssertionsSigned':
 app.config['SAML_SECURITY_ASSERTIONS_SIGNED'],
 'wantNameIdEncrypted': False,
+ 'wantAttributeStatement':
+ app.config['SAML_WANT_ATTRIBUTE_STATEMENT'],
 "signatureAlgorithm": app.config['SAML_SECURITY_SIG_ALGO'],
 }
diff --git a/confidant/settings.py b/confidant/settings.py
index 054cb08f..3322a669 100644
--- a/confidant/settings.py
+++ b/confidant/settings.py
@@ -210,6 +210,8 @@ def _bootstrap(secrets):
 # Whether to require signatures on individual SAML response assertion fields
 SAML_SECURITY_ASSERTIONS_SIGNED = bool_env('SAML_SECURITY_ASSERTIONS_SIGNED',
 False)
+# Whether you want an attribute statement from the SAML assertion
+SAML_WANT_ATTRIBUTE_STATEMENT = bool_env('SAML_WANT_ATTRIBUTE_STATEMENT', True)
 # Catchall to provide JSON directly to override SAML settings. Will be provided
 # to OneLogin_Saml2_Auth() for initialization, merging into values set by the
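Review bot: Nothing in either hunk documents what happens to a login when `SAML_WANT_ATTRIBUTE_STATEMENT` is false, which is the security-relevant case for the `'wantAttributeStatement'` entry added to `_render_saml_settings_dict` in confidant/authnz/userauth.py. With the flag off, a response that carries no AttributeStatement would no longer fail this validation requirement. The code that derives the user's identity from the assertion is outside the hunk, so it presumably has to work from the NameID alone and should fail closed when the expected value is absent. The comment added in confidant/settings.py could say so, for example `# Reject SAML responses that have no AttributeStatement. Keep True unless the IdP sends the user identity only in the NameID.` The dict literal and the function both start and end outside the hunk, so how missing attributes are handled cannot be confirmed from here.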