def apply_mapping_filter(identity_provider, protocol, assertion, assignment_api, federation_api, identity_api): idp = federation_api.get_idp(identity_provider) utils.validate_idp(idp, protocol, assertion) mapping = federation_api.get_mapping_from_idp_and_protocol( identity_provider, protocol) rules = jsonutils.loads(mapping['rules']) LOG.debug('using the following rules: %s', rules) rule_processor = utils.RuleProcessor(rules) mapped_properties = rule_processor.process(assertion) # NOTE(marek-denis): We update group_ids only here to avoid fetching # groups identified by name/domain twice. # NOTE(marek-denis): Groups are translated from name/domain to their # corresponding ids in the auth plugin, as we need information what # ``mapping_id`` was used as well as idenity_api and assignment_api # objects. group_ids = mapped_properties['group_ids'] utils.validate_groups_in_backend(group_ids, mapping['id'], identity_api) group_ids.extend( utils.transform_to_group_ids( mapped_properties['group_names'], mapping['id'], identity_api, assignment_api)) mapped_properties['group_ids'] = list(set(group_ids)) return mapped_properties
def apply_mapping_filter(identity_provider, protocol, assertion, assignment_api, federation_api, identity_api): idp = federation_api.get_idp(identity_provider) utils.validate_idp(idp, assertion) mapping = federation_api.get_mapping_from_idp_and_protocol( identity_provider, protocol) rules = jsonutils.loads(mapping['rules']) LOG.debug('using the following rules: %s', rules) rule_processor = utils.RuleProcessor(rules) mapped_properties = rule_processor.process(assertion) # NOTE(marek-denis): We update group_ids only here to avoid fetching # groups identified by name/domain twice. # NOTE(marek-denis): Groups are translated from name/domain to their # corresponding ids in the auth plugin, as we need information what # ``mapping_id`` was used as well as idenity_api and assignment_api # objects. group_ids = mapped_properties['group_ids'] utils.validate_groups_in_backend(group_ids, mapping['id'], identity_api) group_ids.extend( utils.transform_to_group_ids( mapped_properties['group_names'], mapping['id'], identity_api, assignment_api)) mapped_properties['group_ids'] = list(set(group_ids)) return mapped_properties
def apply_mapping_filter(identity_provider, protocol, assertion, resource_api, federation_api, identity_api): idp = federation_api.get_idp(identity_provider) utils.validate_idp(idp, protocol, assertion) mapped_properties, mapping_id = federation_api.evaluate( identity_provider, protocol, assertion) # NOTE(marek-denis): We update group_ids only here to avoid fetching # groups identified by name/domain twice. # NOTE(marek-denis): Groups are translated from name/domain to their # corresponding ids in the auth plugin, as we need information what # ``mapping_id`` was used as well as idenity_api and resource_api # objects. group_ids = mapped_properties['group_ids'] utils.validate_groups_in_backend(group_ids, mapping_id, identity_api) group_ids.extend( utils.transform_to_group_ids(mapped_properties['group_names'], mapping_id, identity_api, resource_api)) mapped_properties['group_ids'] = list(set(group_ids)) return mapped_properties, mapping_id
def apply_mapping_filter(identity_provider, protocol, assertion, resource_api, federation_api, identity_api): idp = federation_api.get_idp(identity_provider) utils.validate_idp(idp, protocol, assertion) mapped_properties, mapping_id = federation_api.evaluate( identity_provider, protocol, assertion) # NOTE(marek-denis): We update group_ids only here to avoid fetching # groups identified by name/domain twice. # NOTE(marek-denis): Groups are translated from name/domain to their # corresponding ids in the auth plugin, as we need information what # ``mapping_id`` was used as well as idenity_api and resource_api # objects. group_ids = mapped_properties['group_ids'] utils.validate_groups_in_backend(group_ids, mapping_id, identity_api) group_ids.extend( utils.transform_to_group_ids( mapped_properties['group_names'], mapping_id, identity_api, resource_api)) mapped_properties['group_ids'] = list(set(group_ids)) return mapped_properties, mapping_id