From aa7e3c2a15f32fa6b6ece17172171fe7fd1ba158 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Wed, 26 Dec 2018 21:55:37 +0100
Subject: [PATCH] saml_idp: cleanup settings, add was processor
---
 passbook/lib/default.yml | 4 +---
 passbook/saml_idp/processors/aws.py | 26 ++++++++++++++++++++++++++
 passbook/saml_idp/processors/generic.py | 1 -
 3 files changed, 27 insertions(+), 4 deletions(-)
 create mode 100644 passbook/saml_idp/processors/aws.py
diff --git a/passbook/lib/default.yml b/passbook/lib/default.yml
index 05c179fa1..b797ce765 100644
--- a/passbook/lib/default.yml
+++ b/passbook/lib/default.yml
@@ -104,13 +104,11 @@ oauth_client:
 - passbook.oauth_client.source_types.supervisr
 - passbook.oauth_client.source_types.twitter
 saml_idp:
- signing: true
- autosubmit: false
 issuer: passbook
- assertion_valid_for: 86400
 # List of python packages with provider types to load.
 types:
 - passbook.saml_idp.processors.generic
+ - passbook.saml_idp.processors.aws
 - passbook.saml_idp.processors.gitlab
 - passbook.saml_idp.processors.nextcloud
 - passbook.saml_idp.processors.salesforce
diff --git a/passbook/saml_idp/processors/aws.py b/passbook/saml_idp/processors/aws.py
new file mode 100644
index 000000000..2b3c05eca
--- /dev/null
+++ b/passbook/saml_idp/processors/aws.py
@@ -0,0 +1,26 @@
+"""AWS Processor"""
+
+from passbook.saml_idp.base import Processor, xml_render
+
+
+class AWSProcessor(Processor):
+ """AWS Response Handler Processor for testing against django-saml2-sp."""
+
+ def _determine_audience(self):
+ self._audience = 'urn:amazon:webservices'
+
+ def _format_assertion(self):
+ """Formats _assertion_params as _assertion_xml."""
+ self._assertion_params['ATTRIBUTES'] = [
+ {
+ 'Name': 'https://aws.amazon.com/SAML/Attributes/RoleSessionName',
+ 'Value': self._django_request.user.username,
+ },
+ {
+ 'Name': 'https://aws.amazon.com/SAML/Attributes/Role',
+ # 'Value': 'arn:aws:iam::471432361072:saml-provider/passbook_dev,
+ # arn:aws:iam::471432361072:role/saml_role'
+ }
+ ]
+ self._assertion_xml = xml_render.get_assertion_xml(
+ 'saml/xml/assertions/generic.xml', self._assertion_params, signed=True)
diff --git a/passbook/saml_idp/processors/generic.py b/passbook/saml_idp/processors/generic.py
index 97fbb7e4b..14c060c82 100644
--- a/passbook/saml_idp/processors/generic.py
+++ b/passbook/saml_idp/processors/generic.py
@@ -5,4 +5,3 @@ from passbook.saml_idp.base import Processor class GenericProcessor(Processor): """Generic Response Handler Processor for testing against django-saml2-sp.""" - pass
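Review bot: In `AWSProcessor._format_assertion` (aws.py) the `https://aws.amazon.com/SAML/Attributes/Role` entry has a `Name` but its `Value` is commented out, so a signed assertion is produced with a Role attribute that names no role; how `generic.xml` renders an entry without `Value` is not visible in this patch, but AWS needs the role ARN and SAML-provider ARN pair in that attribute to map the sign-in to a role. The value should come from per-provider configuration rather than a literal, for example `'Value': '<ROLE_ARN>,<SAML_PROVIDER_ARN>',  # placeholders, load from provider settings`, and the commented-out ARNs, which embed an AWS account ID, are better dropped from the source. `RoleSessionName` takes `user.username` unchanged, while AWS limits that value to 2–64 characters from `[\w+=,.@-]`, so a username outside that set should be validated or mapped before it goes into the assertion. The class docstring still reads "for testing against django-saml2-sp", which looks copied from the generic processor; `"""Processor that builds SAML responses for AWS sign-in."""` would match what the code does, and `_determine_audience` could carry a one-line docstring saying it pins the audience to `urn:amazon:webservices`.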