authorSimo Sorce <simo@redhat.com>2014-02-28 16:16:25 -0500
committerSimo Sorce <simo@redhat.com>2014-03-02 18:11:11 -0500
commit51f2e1822ce32983c52435185afb5f803d3d150a (patch)
tree11f2e31685ff4a99ef3062cbd118d0bf6df32511 /ipsilon
parent768e7740d5a37b34794b5bdc823a13c55a4cc9b7 (diff)
Add way to return Kerberos nameid if available
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipsilon')
-rwxr-xr-xipsilon/login/authkrb.py6
-rwxr-xr-xipsilon/providers/saml2/auth.py5
2 files changed, 8 insertions, 3 deletions
diff --git a/ipsilon/login/authkrb.py b/ipsilon/login/authkrb.py
index b6ff99c..77b907b 100755
--- a/ipsilon/login/authkrb.py
+++ b/ipsilon/login/authkrb.py
@@ -18,6 +18,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from ipsilon.login.common import LoginPageBase, LoginManagerBase
+from ipsilon.util.user import UserSession
import cherrypy
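Review bot: The new `from ipsilon.util.user import UserSession` is not referenced by either hunk shown for authkrb.py, so it looks like an unused import. The principal is handed to `self.lm.auth_successful(...)` instead of being written to the session directly. The rest of the file is outside the diff, so this is an inference; if nothing else in the module uses `UserSession`, drop the line to avoid an unnecessary dependency from the login plugin on the session module.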
@@ -33,9 +34,10 @@ class KrbAuth(LoginPageBase):
def root(self, *args, **kwargs):
# If we can get here, we must be authenticated and remote_user
- # was set. Check the session has a use set already or error.
+ # was set. Check the session has a user set already or error.
if self.user and self.user.name:
- return self.lm.auth_successful(self.user.name)
+ userdata = { 'krb_principal_name': self.user.name }
+ return self.lm.auth_successful(self.user.name, userdata)
else:
return self.lm.auth_failed()
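Review bot: In `root()`, `self.user.name` is stored as `krb_principal_name` without any check that it is a full principal; the comment above says the value derives from remote_user, which the web server may already have mapped to a local name without the realm. The SAML provider later asserts this value under the Kerberos NameID format, so a bare or rewritten username would be presented to service providers as a principal, which matters where more than one realm is trusted. Consider checking for the `user@REALM` shape before storing it, or at least document the assumption with `# remote_user must be the unmapped principal (user@REALM); it is asserted as a Kerberos NameID`. As a style point, PEP 8 puts no spaces just inside the braces: `userdata = {'krb_principal_name': self.user.name}`. The class body continues outside the hunk.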
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 9d796c5..955f01f 100755
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -159,7 +159,8 @@ class AuthenticateRequest(ProviderPageBase):
authtime_notbefore = authtime - skew
authtime_notafter = authtime + skew
- user = UserSession().get_user()
+ us = UserSession()
+ user = us.get_user()
# TODO: get authentication type fnd name format from session
# need to save which login manager authenticated and map it to a
@@ -178,6 +179,8 @@ class AuthenticateRequest(ProviderPageBase):
nameid = user.name ## TODO map to something else ?
elif self.nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
nameid = user.name ## TODO map to something else ?
+ elif self.nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
+ nameid = us.get_data('user', 'krb_principal_name')
if nameid:
login.assertion.subject.nameId.format = self.nameidfmt
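Review bot: The new branch `nameid = us.get_data('user', 'krb_principal_name')` relies on a value that, in this commit, only the Kerberos login page stores, so a session established through any other login manager presumably yields no nameid when a service provider requests the Kerberos format. What happens when `if nameid:` is false lies outside the hunk; confirm that path rejects the request explicitly rather than issuing an assertion with no subject or silently falling back to another identifier. A comment such as `# only set by KrbAuth; None for other login methods` would make the dependency visible. The key `'krb_principal_name'` is also a bare string duplicated across two files, so a shared constant would stop a typo from quietly disabling this branch.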