authorSimo Sorce <simo@redhat.com>2014-03-02 18:09:27 -0500
committerSimo Sorce <simo@redhat.com>2014-03-02 18:13:01 -0500
commitad6e5efc6347639f4edfba94375151ccdbc5f7a8 (patch)
tree91e4140b652cff443ecc55c84887c76f55fc313e
parent51f2e1822ce32983c52435185afb5f803d3d150a (diff)
Add a way to return the email address of the user
Signed-off-by: Simo Sorce <simo@redhat.com>
-rwxr-xr-xipsilon/providers/saml2/auth.py4
-rwxr-xr-xipsilon/providers/saml2idp.py9
-rwxr-xr-xipsilon/util/user.py7
3 files changed, 20 insertions, 0 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 955f01f..3d63deb 100755
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -181,6 +181,10 @@ class AuthenticateRequest(ProviderPageBase):
nameid = user.name ## TODO map to something else ?
elif self.nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
nameid = us.get_data('user', 'krb_principal_name')
+ elif self.nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL:
+ nameid = us.get_user().email
+ if not nameid:
+ nameid = '%s@%s' % (user.name, self.cfg.default_email_domain)
if nameid:
login.assertion.subject.nameId.format = self.nameidfmt
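Review bot: The fallback in the new `SAML2_NAME_IDENTIFIER_FORMAT_EMAIL` branch makes the IdP assert an address it has never seen for the user: when `us.get_user().email` is empty, the NameID becomes `user.name` joined to `default_email_domain`, and the shipped default for that option in the saml2idp.py hunk is `'example.com'`. A Service Provider that keys accounts on an emailAddress-format NameID would presumably treat that value as a real mailbox, so an untouched install issues `name@example.com` subjects and a misconfigured domain could collide with another principal's address. I would ship an empty default and synthesize only when an administrator has set a domain, `if not nameid and self.cfg.default_email_domain:`, so that an unset domain leaves `nameid` empty and falls through to the existing `if nameid:` check. The option's help text should also say that the value ends up in assertions sent to Service Providers. The enclosing method starts and ends outside this hunk, so what happens when `nameid` stays empty is not visible here.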
diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index 0fcbe67..9cf3ed6 100755
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
@@ -172,6 +172,11 @@ Provides SAML 2.0 authentication infrastructure. """
"""Default NameID used by Service Providers. """,
'string',
'persistent'
+ ],
+ 'default email domain': [
+ """Default email domain, for users missing email property.""",
+ 'string',
+ 'example.com'
]
}
@@ -206,6 +211,10 @@ Provides SAML 2.0 authentication infrastructure. """
def default_nameid(self):
return self.get_config_value('default nameid')
+ @property
+ def default_email_domain(self):
+ return self.get_config_value('default email domain')
+
def get_tree(self, site):
self.page = SAML2(site, self)
return self.page
diff --git a/ipsilon/util/user.py b/ipsilon/util/user.py
index 72c5041..ea0b974 100755
--- a/ipsilon/util/user.py
+++ b/ipsilon/util/user.py
@@ -77,6 +77,13 @@ class User(object):
self._userdata['fullname'] = value
@property
+ def email(self):
+ if 'email' in self._userdata:
+ return self._userdata['email']
+ else:
+ return None
+
+ @property
def sites(self):
if 'sites' in self._userdata:
d = []