diff options
author | Rob Crittenden <rcritten@redhat.com> | 2015-05-05 12:37:31 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2015-05-05 14:03:53 -0400 |
commit | 86dc3bc0353e35b4934a1696cb10f5bec0d0231d (patch) | |
tree | 89a2714af4fb9213bce5c3182923b9368050b527 | |
parent | 511500790a5132d4f59deec961d75f42c4e8e11e (diff) | |
download | ipsilon.git-86dc3bc0353e35b4934a1696cb10f5bec0d0231d.tar.gz ipsilon.git-86dc3bc0353e35b4934a1696cb10f5bec0d0231d.tar.xz ipsilon.git-86dc3bc0353e35b4934a1696cb10f5bec0d0231d.zip |
Pull the GSSAPI principal out of the userattrs
This was originally getting the principal from the
user object itself which meant it was looking for
it in the database. Look in the attributes instead
which are stored in the user session.
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
-rw-r--r-- | ipsilon/providers/saml2/auth.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py index 521e0c0..4d364d9 100644 --- a/ipsilon/providers/saml2/auth.py +++ b/ipsilon/providers/saml2/auth.py @@ -197,7 +197,8 @@ class AuthenticateRequest(ProviderPageBase): elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT: nameid = '_' + uuid.uuid4().hex elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS: - nameid = us.get_data('user', 'gssapi_principal_name') + userattrs = us.get_user_attrs() + nameid = userattrs.get('gssapi_principal_name') elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL: nameid = us.get_user().email if not nameid: |