authorRoland Hedberg <roland.hedberg@adm.umu.se>2013-05-07 19:10:56 +0200
committerRoland Hedberg <roland.hedberg@adm.umu.se>2013-05-07 19:10:56 +0200
commiteebd669c1d7c18ed26abb80ac2851f2ef01fc447 (patch)
treeaeabd001bbb585fefb5afe436dc1827c7b497037
parent2bf1f734e367740d74ea843724d832cc4a66fa9d (diff)
Use the correct attribute names.
-rwxr-xr-xexample/idp2/idp.py4
-rw-r--r--example/idp2/idp_user.py2
-rw-r--r--src/saml2/assertion.py44
-rw-r--r--src/saml2/entity_category/edugain.py2
-rw-r--r--src/saml2/s_utils.py12
5 files changed, 42 insertions, 22 deletions
diff --git a/example/idp2/idp.py b/example/idp2/idp.py
index d22e2d33..4f540669 100755
--- a/example/idp2/idp.py
+++ b/example/idp2/idp.py
@@ -31,7 +31,7 @@ from saml2.httputil import Unauthorized
from saml2.httputil import BadRequest
from saml2.httputil import ServiceError
from saml2.ident import Unknown
-from saml2.s_utils import rndstr
+from saml2.s_utils import rndstr, exception_trace
from saml2.s_utils import UnknownPrincipal
from saml2.s_utils import UnsupportedBinding
from saml2.s_utils import PolicyError
@@ -282,7 +282,7 @@ class SSO(Service):
authn=AUTHN_BROKER[self.environ["idp.authn_ref"]],
**resp_args)
except Exception, excp:
- logger.error("Exception: %s" % (excp,))
+ logging.error(exception_trace(excp))
resp = ServiceError("Exception: %s" % (excp,))
return resp(self.environ, self.start_response)
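Review bot: The new line logs through the root `logging` module where the removed line used the module's `logger`, and no `import logging` is visible in this hunk; if that name is unbound, the handler raises NameError and hides the original failure. `logger.error(exception_trace(excp))` would keep the record on the module logger. Since exception_trace returns a dict, the traceback reaches the log as a dict repr with escaped newlines, so logging its `"content"` string would read better. The unchanged next line still puts the exception text into the ServiceError body sent to the requester; a generic message there, with the detail kept in the log, avoids exposing internals. The enclosing method starts outside the hunk.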
diff --git a/example/idp2/idp_user.py b/example/idp2/idp_user.py
index afb554be..ee2f68bd 100644
--- a/example/idp2/idp_user.py
+++ b/example/idp2/idp_user.py
@@ -1,6 +1,6 @@
USERS = {
"roland": {
- "surname": "Hedberg",
+ "sn": "Hedberg",
"givenName": "Roland",
"eduPersonScopedAffiliation": "staff@example.com",
"eduPersonPrincipalName": "rohe@example.com",
diff --git a/src/saml2/assertion.py b/src/saml2/assertion.py
index 597c31f5..3bde2cd8 100644
--- a/src/saml2/assertion.py
+++ b/src/saml2/assertion.py
@@ -231,20 +231,24 @@ def filter_attribute_value_assertions(ava, attribute_restrictions=None):
return ava
for attr, vals in ava.items():
- if attr in attribute_restrictions:
- if attribute_restrictions[attr]:
- rvals = []
- for restr in attribute_restrictions[attr]:
- for val in vals:
- if restr.match(val):
- rvals.append(val)
-
- if rvals:
- ava[attr] = list(set(rvals))
- else:
- del ava[attr]
- else:
+ _attr = attr.lower()
+ try:
+ _rests = attribute_restrictions[_attr]
+ except KeyError:
del ava[attr]
+ else:
+ if _rests is None:
+ continue
+ rvals = []
+ for restr in _rests:
+ for val in vals:
+ if restr.match(val):
+ rvals.append(val)
+
+ if rvals:
+ ava[attr] = list(set(rvals))
+ else:
+ del ava[attr]
return ava
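Review bot: The lookup `attribute_restrictions[_attr]` now requires every key of the restriction dict to be lower case, and nothing in the function states or checks that; a caller that passes a mixed-case key gets the attribute silently deleted in the `except KeyError` branch. That fails closed, which is the safe direction for attribute release, but it should be documented, for example `# attribute_restrictions keys must be lower-cased; an attribute with no matching key is removed`. The new code also tests `_rests is None` where the old code tested truthiness, so an empty list now removes the attribute instead of keeping it; if that is intended it deserves a line in the docstring. The function starts outside the hunk.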
@@ -294,9 +298,11 @@ class Policy(object):
for cat in items:
_mod = importlib.import_module(
"saml2.entity_category.%s" % cat)
- ecs.append(_mod.RELEASE)
+ _ec = {}
+ for key, items in _mod.RELEASE.items():
+ _ec[key] = [k.lower() for k in items]
+ ecs.append(_ec)
spec["entity_categories"] = ecs
-
try:
restr = spec["attribute_restrictions"]
except KeyError:
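Review bot: The inner loop `for key, items in _mod.RELEASE.items():` rebinds `items`, which is also the sequence the enclosing `for cat in items:` iterates. The outer loop keeps working because its iterator was created earlier, but after the first pass `items` refers to a RELEASE value list, and any later use of the name in this method would read the wrong object. Renaming the inner variable removes the trap: `for key, attrs in _mod.RELEASE.items():` and `_ec[key] = [a.lower() for a in attrs]`. The method starts outside the hunk.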
@@ -307,12 +313,14 @@ class Policy(object):
for key, values in restr.items():
if not values:
- spec["attribute_restrictions"][key] = None
+ spec["attribute_restrictions"][key.lower()] = None
continue
- spec["attribute_restrictions"][key] = \
+ spec["attribute_restrictions"][key.lower()] = \
[re.compile(value) for value in values]
+ logger.debug("policy restrictions: %s" % self._restrictions)
+
return self._restrictions
def get_nameid_format(self, sp_entity_id):
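Review bot: Writing to `spec["attribute_restrictions"][key.lower()]` adds a lower-cased entry but leaves the original mixed-case key in the same dict, still holding uncompiled strings. The filter only looks up lower-cased names, so the stale entries are ignored there, but any code that iterates the dict will meet plain strings where it expects compiled patterns, and two keys that differ only in case overwrite each other without notice. Building a fresh dict keyed by `key.lower()` and assigning it to `spec["attribute_restrictions"]` once after the loop would leave a single normalised form. The added `logger.debug("policy restrictions: %s" % self._restrictions)` formats eagerly; `logger.debug("policy restrictions: %s", self._restrictions)` defers that work. The method starts outside the hunk.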
@@ -439,7 +447,6 @@ class Policy(object):
return restrictions
-
def not_on_or_after(self, sp_entity_id):
""" When the assertion stops being valid, should not be
used after this time.
@@ -469,6 +476,7 @@ class Policy(object):
if _rest is None:
_rest = self.get_entity_categories_restriction(sp_entity_id,
mdstore)
+ logger.debug("filter based on: %s" % _rest)
ava = filter_attribute_value_assertions(ava, _rest)
if required or optional:
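Review bot: The added `logger.debug("filter based on: %s" % _rest)` builds the string even when debug logging is disabled; `logger.debug("filter based on: %s", _rest)` leaves formatting to the logging module. When `_rest` holds compiled patterns they will print as object reprs rather than pattern text, so the line may say less than intended. The method starts and ends outside the hunk.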
diff --git a/src/saml2/entity_category/edugain.py b/src/saml2/entity_category/edugain.py
index a873daff..1e208f64 100644
--- a/src/saml2/entity_category/edugain.py
+++ b/src/saml2/entity_category/edugain.py
@@ -5,6 +5,6 @@ COC = "http://www.edugain.org/dataprotection/coc-eu-01-draft"
RELEASE = {
"": ["eduPersonTargetedID"],
COC: ["eduPersonPrincipalName", "eduPersonScopedAffiliation", "email",
- "givenName", "sn", "displayName", "schacHomeOrganization"]
+ "givenName", "sn", "displayName", "schachomeorganization"]
}
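Review bot: Only `schachomeorganization` is lower-cased here, while the other names in the list keep their camelCase spelling, and the same commit already lower-cases every RELEASE value when the policy is loaded in assertion.py. The table now mixes two conventions with no behavioural gain; either keep the canonical spelling `schacHomeOrganization` and rely on the loader, or lower-case all entries and add a comment saying so. Separately, `"email"` may be intended as `"mail"` given the commit title; worth confirming against the attribute maps.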
diff --git a/src/saml2/s_utils.py b/src/saml2/s_utils.py
index 34552cb0..098382d9 100644
--- a/src/saml2/s_utils.py
+++ b/src/saml2/s_utils.py
@@ -10,6 +10,7 @@ import hmac
# from python 2.5
import imp
+import traceback
if sys.version_info >= (2, 5):
import hashlib
@@ -436,3 +437,14 @@ def dynamic_importer(name, class_name=None):
return package, _class
else:
return package, None
+
+
+def exception_trace(exc):
+ message = traceback.format_exception(*sys.exc_info())
+
+ try:
+ _exc = "Exception: %s" % exc
+ except UnicodeEncodeError:
+ _exc = "Exception: %s" % exc.message.encode("utf-8", "replace")
+
+ return {"message": _exc, "content": "".join(message)}
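Review bot: exception_trace takes `exc` but builds the traceback from `sys.exc_info()`, so the `"content"` value is only meaningful when the function is called inside the `except` block that caught `exc`; outside a handler it would format an empty exception state. The function has no docstring, and one is needed to state this precondition and the return shape, for example `"""Return {"message": ..., "content": ...} for the exception currently being handled; call only from inside an except block."""`. Callers that pass the returned dict straight to a logger get a dict repr, so the docstring should also say which key carries the formatted traceback.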