authorRob Crittenden <rcritten@redhat.com>2015-03-18 10:16:38 -0400
committerSimo Sorce <simo@redhat.com>2015-03-23 18:00:06 -0400
commit2ab0852570e3e18dfd7d959ae7c3bd62ea33dcca (patch)
treeaf22bc1bec36ccd5079c2978cc59042f3fe9911f
parentc84eaa4d5f44524ea37f8c2444cbd53520d75a0c (diff)
Implement urn:oasis:names:tc:SAML:2.0:nameid-format:transient
NameQualifier and SPNameQualifier are optional and are not included. https://fedorahosted.org/ipsilon/ticket/27 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
-rw-r--r--ipsilon/providers/saml2/auth.py4
1 files changed, 2 insertions, 2 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index f5e8f0f..71bfc9a 100644
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -27,6 +27,7 @@ from ipsilon.util.trans import Transaction
import cherrypy
import datetime
import lasso
+import uuid
class UnknownProvider(ProviderException):
@@ -185,8 +186,7 @@ class AuthenticateRequest(ProviderPageBase):
# TODO map to something else ?
nameid = provider.normalize_username(user.name)
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT:
- # TODO map to something else ?
- nameid = provider.normalize_username(user.name)
+ nameid = '_' + uuid.uuid4().hex
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
nameid = us.get_data('user', 'krb_principal_name')
elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL:
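Review bot: The transient NameID on the added line `nameid = '_' + uuid.uuid4().hex` carries only 122 random bits, because a version-4 UUID fixes six of its 128 bits. SAML 2.0 Core requires transient identifiers to follow its general identifier rules (section 1.3.4), which suggest a randomly chosen value of 128 to 160 bits. Hex-encoding 20 bytes from `os.urandom` after the `'_'` prefix would meet that guidance, though it needs an `import os` if the module does not already have one. The branch also lost its only comment, so I would add `# transient: fresh random value per request; '_' so it never starts with a digit`. Whether the value is recorded anywhere for later lookup (for example at logout) cannot be seen here, since the enclosing method starts and ends outside the hunk.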