summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2015-03-23 13:57:12 -0400
committerSimo Sorce <simo@redhat.com>2015-03-23 18:00:21 -0400
commit704452cfa38a1d880fab920dab25f670f4fbc519 (patch)
tree42fc0b5fe55089e4f1e5ec66ae1594b6aa88aa38
parent217cabe5a2b0950b9ac4090568aa8986d51f4fc5 (diff)
downloadipsilon-704452cfa38a1d880fab920dab25f670f4fbc519.zip
ipsilon-704452cfa38a1d880fab920dab25f670f4fbc519.tar.gz
ipsilon-704452cfa38a1d880fab920dab25f670f4fbc519.tar.xz
Implement urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
Return the name the user authenticated with. https://fedorahosted.org/ipsilon/ticket/27 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
-rw-r--r--ipsilon/providers/saml2/auth.py2
-rw-r--r--ipsilon/providers/saml2/provider.py2
2 files changed, 2 insertions, 2 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 4bfbc1a..d895f43 100644
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -202,6 +202,8 @@ class AuthenticateRequest(ProviderPageBase):
nameid = us.get_user().email
if not nameid:
nameid = '%s@%s' % (user.name, self.cfg.default_email_domain)
+ elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED:
+ nameid = provider.normalize_username(user.name)
if nameid:
login.assertion.subject.nameId.format = nameidfmt
diff --git a/ipsilon/providers/saml2/provider.py b/ipsilon/providers/saml2/provider.py
index c02d6fb..4439a0d 100644
--- a/ipsilon/providers/saml2/provider.py
+++ b/ipsilon/providers/saml2/provider.py
@@ -116,8 +116,6 @@ class ServiceProvider(Log):
self._debug('Requested NameId [%s]' % (nip.format,))
if nip.format is None:
return SAML2_NAMEID_MAP[self.default_nameid]
- elif nip.format == lasso.SAML2_NAME_IDENTIFIER_FORMAT_UNSPECIFIED:
- return SAML2_NAMEID_MAP[self.default_nameid]
else:
allowed = self.allowed_nameids
self._debug('Allowed NameIds %s' % (repr(allowed)))