Extra elements on get_sp_metadata()

[pgaca]

Hello there,
I'm using this package (through django-allauth) to implement a SSO. My application is acting as a Service Provider(SP) and I need to connect to an Identity Provider(IdP), delegating the identification the users to the IdP. This happens with SAML (python3-saml).

New Compliance rules in my IdP strongly recommend to add extra elements in the metadata of the SP ( the output of OneLogin_Saml2_Settings(...).get_sp_metadata() ).

New elements are of the type:

<md:EntityDescriptor...>
  <md:Extensions>
    <mdattr:EntityAttributes>
      <saml:Attribute
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
        Name="urn:oasis:names:tc:SAML:attribute:assurance-certification">
        <saml:AttributeValue>https://refeds.org/sirtfi2</saml:AttributeValue>
        <saml:AttributeValue>https://refeds.org/sirtfi</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes>
  </md:Extensions>
  ...
</md:EntityDescriptor>

Ive found not where in the doc how to do this. If possible, could you guide me to include element like this on the metadata?

Thanks in advance.

[pitbulk]

The toolkit does not currently support a way to add extensions to the EntityDescriptor and there is no easy way at OneLogin_Saml2_Auth to use a different object than OneLogin_Saml2_Settings

You will need to:

1. Extend the OneLogin_Saml2_Metadata class

1.a) At the builder, to use a different template (not MD_ENTITY_DESCRIPTOR) and instead a template which includes your extension and make the builder to accept a list of EntityAttributes

2.b) Rather than use the get_sp_metadata of OneLogin_Saml2_Settings, you will need to implement your own method calling to your new extended class.