diff options
author | Rob Crittenden <rcritten@redhat.com> | 2015-08-24 17:42:19 +0000 |
---|---|---|
committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2015-08-25 14:55:28 +0200 |
commit | ea3a3c63719961c66b7b45cd7cfee51cf4bd5f6d (patch) | |
tree | 0ae8cf2a03f426dce384932400ce195ae0c441fb | |
parent | 715fa96eb2f97451749d3e66b801bdefe861b16e (diff) | |
download | ipsilon-ea3a3c63719961c66b7b45cd7cfee51cf4bd5f6d.tar.gz ipsilon-ea3a3c63719961c66b7b45cd7cfee51cf4bd5f6d.tar.xz ipsilon-ea3a3c63719961c66b7b45cd7cfee51cf4bd5f6d.zip |
Log a message when authentication is successful but doesn't
match the NameID required by the SAML request.
https://fedorahosted.org/ipsilon/ticket/157
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
-rw-r--r-- | ipsilon/providers/saml2/auth.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py index d856220..5412240 100644 --- a/ipsilon/providers/saml2/auth.py +++ b/ipsilon/providers/saml2/auth.py @@ -211,6 +211,8 @@ class AuthenticateRequest(ProviderPageBase): login.assertion.subject.nameId.content = nameid else: self.trans.wipe() + self.error('Authentication succeeded but it was not ' + + 'provided by NameID %s' % nameidfmt) raise AuthenticationError("Unavailable Name ID type", lasso.SAML2_STATUS_CODE_AUTHN_FAILED) |