saml: handle empty user-roles attributes (#7532)

2015-06-11 11:35:31 +02:00 · 2015-06-11 11:35:31 +02:00 · 0504685899
parent 6455776a42
commit 0504685899
1 changed files with 5 additions and 1 deletions
--- a/wcs/qommon/saml2.py
+++ b/wcs/qommon/saml2.py
@ -431,10 +431,14 @@ class Saml2Directory(Directory):
        m = {}
        try:
            for attribute in assertion.attributeStatement[0].attribute:
+                # always mark the attribute as being present, even if it won't
+                # have any value, as an empty value (role-slug) must not be
+                # ignored.
+                m.setdefault(attribute.name, [])
                try:
                    d[attribute.name] = attribute.attributeValue[0].any[0].content
                    for attribute_value in attribute.attributeValue:
-                        l = m.setdefault(attribute.name, [])
+                        l = m[attribute.name]
                        l.append(attribute_value.any[0].content)
                except IndexError:
                    pass