def apply_mapping_filter(identity_provider, protocol, assertion,
assignment_api, federation_api, identity_api):
idp = federation_api.get_idp(identity_provider)
utils.validate_idp(idp, protocol, assertion)
mapping = federation_api.get_mapping_from_idp_and_protocol(
identity_provider, protocol)
rules = jsonutils.loads(mapping['rules'])
LOG.debug('using the following rules: %s', rules)
rule_processor = utils.RuleProcessor(rules)
mapped_properties = rule_processor.process(assertion)
# NOTE(marek-denis): We update group_ids only here to avoid fetching
# groups identified by name/domain twice.
# NOTE(marek-denis): Groups are translated from name/domain to their
# corresponding ids in the auth plugin, as we need information what
# ``mapping_id`` was used as well as idenity_api and assignment_api
# objects.
group_ids = mapped_properties['group_ids']
utils.validate_groups_in_backend(group_ids,
mapping['id'],
identity_api)
group_ids.extend(
utils.transform_to_group_ids(
mapped_properties['group_names'], mapping['id'],
identity_api, assignment_api))
mapped_properties['group_ids'] = list(set(group_ids))
return mapped_properties
def apply_mapping_filter(identity_provider, protocol, assertion,
assignment_api, federation_api, identity_api):
idp = federation_api.get_idp(identity_provider)
utils.validate_idp(idp, assertion)
mapping = federation_api.get_mapping_from_idp_and_protocol(
identity_provider, protocol)
rules = jsonutils.loads(mapping['rules'])
LOG.debug('using the following rules: %s', rules)
rule_processor = utils.RuleProcessor(rules)
mapped_properties = rule_processor.process(assertion)
# NOTE(marek-denis): We update group_ids only here to avoid fetching
# groups identified by name/domain twice.
# NOTE(marek-denis): Groups are translated from name/domain to their
# corresponding ids in the auth plugin, as we need information what
# ``mapping_id`` was used as well as idenity_api and assignment_api
# objects.
group_ids = mapped_properties['group_ids']
utils.validate_groups_in_backend(group_ids,
mapping['id'],
identity_api)
group_ids.extend(
utils.transform_to_group_ids(
mapped_properties['group_names'], mapping['id'],
identity_api, assignment_api))
mapped_properties['group_ids'] = list(set(group_ids))
return mapped_properties
def apply_mapping_filter(identity_provider, protocol, assertion, resource_api,
federation_api, identity_api):
idp = federation_api.get_idp(identity_provider)
utils.validate_idp(idp, protocol, assertion)
mapped_properties, mapping_id = federation_api.evaluate(
identity_provider, protocol, assertion)
# NOTE(marek-denis): We update group_ids only here to avoid fetching
# groups identified by name/domain twice.
# NOTE(marek-denis): Groups are translated from name/domain to their
# corresponding ids in the auth plugin, as we need information what
# ``mapping_id`` was used as well as idenity_api and resource_api
# objects.
group_ids = mapped_properties['group_ids']
utils.validate_groups_in_backend(group_ids, mapping_id, identity_api)
group_ids.extend(
utils.transform_to_group_ids(mapped_properties['group_names'],
mapping_id, identity_api, resource_api))
mapped_properties['group_ids'] = list(set(group_ids))
return mapped_properties, mapping_id
def apply_mapping_filter(identity_provider, protocol, assertion,
resource_api, federation_api, identity_api):
idp = federation_api.get_idp(identity_provider)
utils.validate_idp(idp, protocol, assertion)
mapped_properties, mapping_id = federation_api.evaluate(
identity_provider, protocol, assertion)
# NOTE(marek-denis): We update group_ids only here to avoid fetching
# groups identified by name/domain twice.
# NOTE(marek-denis): Groups are translated from name/domain to their
# corresponding ids in the auth plugin, as we need information what
# ``mapping_id`` was used as well as idenity_api and resource_api
# objects.
group_ids = mapped_properties['group_ids']
utils.validate_groups_in_backend(group_ids,
mapping_id,
identity_api)
group_ids.extend(
utils.transform_to_group_ids(
mapped_properties['group_names'], mapping_id,
identity_api, resource_api))
mapped_properties['group_ids'] = list(set(group_ids))
return mapped_properties, mapping_id