Add a way to return the email address of the user

Signed-off-by: Simo Sorce <simo@redhat.com>
author: Simo Sorce <simo@redhat.com> 2014-03-02 18:09:27 -0500
committer: Simo Sorce <simo@redhat.com> 2014-03-02 18:13:01 -0500
commit: ad6e5efc6347639f4edfba94375151ccdbc5f7a8 (patch)
tree: 91e4140b652cff443ecc55c84887c76f55fc313e /ipsilon/providers/saml2/auth.py
parent: 51f2e1822ce32983c52435185afb5f803d3d150a (diff)
download: ipsilon-ad6e5efc6347639f4edfba94375151ccdbc5f7a8.tar.gz
ipsilon-ad6e5efc6347639f4edfba94375151ccdbc5f7a8.tar.xz
ipsilon-ad6e5efc6347639f4edfba94375151ccdbc5f7a8.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py
index 955f01f..3d63deb 100755
--- a/ipsilon/providers/saml2/auth.py
+++ b/ipsilon/providers/saml2/auth.py
@@ -181,6 +181,10 @@ class AuthenticateRequest(ProviderPageBase):
             nameid = user.name  ## TODO map to something else ?
         elif self.nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS:
             nameid = us.get_data('user', 'krb_principal_name')
+        elif self.nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL:
+            nameid = us.get_user().email
+            if not nameid:
+                nameid = '%s@%s' % (user.name, self.cfg.default_email_domain)
 
         if nameid:
             login.assertion.subject.nameId.format = self.nameidfmt
author	Simo Sorce <simo@redhat.com>	2014-03-02 18:09:27 -0500
committer	Simo Sorce <simo@redhat.com>	2014-03-02 18:13:01 -0500
commit	ad6e5efc6347639f4edfba94375151ccdbc5f7a8 (patch)
tree	91e4140b652cff443ecc55c84887c76f55fc313e /ipsilon/providers/saml2/auth.py
parent	51f2e1822ce32983c52435185afb5f803d3d150a (diff)
download	ipsilon-ad6e5efc6347639f4edfba94375151ccdbc5f7a8.tar.gz ipsilon-ad6e5efc6347639f4edfba94375151ccdbc5f7a8.tar.xz ipsilon-ad6e5efc6347639f4edfba94375151ccdbc5f7a8.zip