diff options
author | Simo Sorce <simo@redhat.com> | 2014-02-28 16:16:25 -0500 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-03-02 18:11:11 -0500 |
commit | 51f2e1822ce32983c52435185afb5f803d3d150a (patch) | |
tree | 11f2e31685ff4a99ef3062cbd118d0bf6df32511 /ipsilon/providers/saml2/auth.py | |
parent | 768e7740d5a37b34794b5bdc823a13c55a4cc9b7 (diff) | |
download | ipsilon-51f2e1822ce32983c52435185afb5f803d3d150a.tar.gz ipsilon-51f2e1822ce32983c52435185afb5f803d3d150a.tar.xz ipsilon-51f2e1822ce32983c52435185afb5f803d3d150a.zip |
Add way to return Kerberos nameid if available
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipsilon/providers/saml2/auth.py')
-rwxr-xr-x | ipsilon/providers/saml2/auth.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py index 9d796c5..955f01f 100755 --- a/ipsilon/providers/saml2/auth.py +++ b/ipsilon/providers/saml2/auth.py @@ -159,7 +159,8 @@ class AuthenticateRequest(ProviderPageBase): authtime_notbefore = authtime - skew authtime_notafter = authtime + skew - user = UserSession().get_user() + us = UserSession() + user = us.get_user() # TODO: get authentication type fnd name format from session # need to save which login manager authenticated and map it to a @@ -178,6 +179,8 @@ class AuthenticateRequest(ProviderPageBase): nameid = user.name ## TODO map to something else ? elif self.nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT: nameid = user.name ## TODO map to something else ? + elif self.nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS: + nameid = us.get_data('user', 'krb_principal_name') if nameid: login.assertion.subject.nameId.format = self.nameidfmt |