diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2015-05-05 12:37:31 -0400 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2015-05-07 10:50:12 -0400 |
| commit | 93d4e52712767fe955f3a44a60a6c6f0f909423b (patch) | |
| tree | aba926ba11d3ebb79394cb16196221e5fb2732ab /ipsilon/providers/saml2 | |
| parent | dfa2d200b460cc852ec10a8780fe3966dc0d5906 (diff) | |
| download | ipsilon-93d4e52712767fe955f3a44a60a6c6f0f909423b.tar.gz ipsilon-93d4e52712767fe955f3a44a60a6c6f0f909423b.tar.xz ipsilon-93d4e52712767fe955f3a44a60a6c6f0f909423b.zip | |
Pull the GSSAPI principal out of the userattrs
This was originally getting the principal from the
user object itself which meant it was looking for
it in the database. Look in the attributes instead
which are stored in the user session.
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipsilon/providers/saml2')
| -rw-r--r-- | ipsilon/providers/saml2/auth.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ipsilon/providers/saml2/auth.py b/ipsilon/providers/saml2/auth.py index b2c9549..8b84bc2 100644 --- a/ipsilon/providers/saml2/auth.py +++ b/ipsilon/providers/saml2/auth.py @@ -197,7 +197,8 @@ class AuthenticateRequest(ProviderPageBase): elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_TRANSIENT: nameid = '_' + uuid.uuid4().hex elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_KERBEROS: - nameid = us.get_data('user', 'gssapi_principal_name') + userattrs = us.get_user_attrs() + nameid = userattrs.get('gssapi_principal_name') elif nameidfmt == lasso.SAML2_NAME_IDENTIFIER_FORMAT_EMAIL: nameid = us.get_user().email if not nameid: |