diff options
author | Simo Sorce <simo@redhat.com> | 2014-03-02 18:32:06 -0500 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-03-02 19:11:34 -0500 |
commit | 2959e20b5607edab7313aa5ba4500c1f37358979 (patch) | |
tree | c83ce5aa7b2561dfc8eff3d7ae9fc927e1c66649 /ipsilon/providers/saml2/auth.py | |
parent | 2cf4bcfe804aaa01e4587388e0870274c20ca428 (diff) | |
download | ipsilon-2959e20b5607edab7313aa5ba4500c1f37358979.tar.gz ipsilon-2959e20b5607edab7313aa5ba4500c1f37358979.tar.xz ipsilon-2959e20b5607edab7313aa5ba4500c1f37358979.zip |
Add ability to strip domain/realm per provider
This allows to return (hopefully) the same name whether the user
authenticated via ESSO or form based authentication.
Crude for now, may be augmented with some regex configuration in the future.
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipsilon/providers/saml2/auth.py')
-rwxr-xr-x | ipsilon/providers/saml2/auth.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py index 64d9835..7f92d77 100755 --- a/ipsilon/providers/saml2/auth.py +++ b/ipsilon/providers/saml2/auth.py @@ -170,9 +170,11 @@ class AuthenticateRequest(ProviderPageBase): nameid = None if nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT: - nameid = user.name ## TODO map to something else ? + ## TODO map to something else ? + nameid = provider.normalize_username(user.name) elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT: - nameid = user.name ## TODO map to something else ? + ## TODO map to something else ? + nameid = provider.normalize_username(user.name) elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS: nameid = us.get_data('user', 'krb_principal_name') elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL: |